Cyber Claims & Losses Update
Understanding current cyber claim trends can be extremely helpful in assessing the cyber risk of a potential policyholder. This session at the 2018 NetDiligence® Cyber Risk Summit explored results from the most recent NetDiligence® Cyber Claims Study and the Verizon Data Breach Incident Response Report.
Speakers included:
- John Mullen, Partner, Mullen Coughlin
- Beth Diamond, Head of Third-Party Complex Claims, Beazley
- Brad Vatrt, Assistant Vice President, AIG
- Chris Novak, Global Director, Threat Research Advisory Center, Verizon
- John Spiehs, Assistant Vice President, AXIS
- Mark Greisiger, President & CEO, NetDiligence®
The NetDiligence® Cyber Claims Study, which analyzed over 1,200 claims in 2018, uncovered the following results:
- The five-year running average for per-breach costs totaled nearly $600K.
- The average breach for large companies was nearly $25M.
- The cost per record average was $5.2K.
- The average crisis service cost was $459K.
- The average cost of legal defense was $106K.
The Verizon Data Breach Incident Response Report studies security failures and develops actionable intelligence from them. The study evaluated nearly 60,000 incidents in 2018. The report found:
- E-mail is the most-common vector, with malware found in approximately 66% of phishing incidents. Most of these campaigns have few or no people reporting them to their I.T. department, which is also causing their spread.
- Ransomware occurrences have doubled since last year because it is effective. Organizations are paying to get their data back and hackers know this.
- Breach timelines show that data is compromised in minutes, however, organizations are taking months to discover they have been breached.
- Future outlook shows increased sophistication of threats.
The full report can be accessed at verizonenterprise.com/DBIR.
Newer claims trends include:
- Cryptojacking – The use of a computer for electronic currency mining malware. It will search your computer to steal the currency (like bitcoin). This is relatively new, but something that needs to be on the radar.
- Office 365 – There is a phishing attack trying to target individuals’ Office 365 credentials – more specifically access to the Outlook account. Once the hackers get access to that platform, they will use an individual’s e-mail account to spam other individuals in your organization to try to get information for direct financial transactions.
- Ransomware – There has been an explosive boom of increasingly severe ransomware on the market. Insureds do not seem to have adequate back up to defend against these attacks. The impact of these breaches are getting significantly more expensive – up to six figures – and these hackers are making repeat demands on the same companies.