Risk company reports sharp rise in compensation costs for cybercrime via business email

According to NetDiligence’s 14th annual Cyber ​​Claims Study, cybercrime is a growing financial burden for small and medium-sized businesses (SMBs), particularly due to the increase in Business Email Compromise (BEC) incidents.

The average cost of a BEC claim rose from $84,000 in 2022 to a staggering $183,000 in 2023.

“While we have seen a significant increase in incident costs for claims related to business email compromise, there has also been a decrease in losses related to general 'hacking' incidents,” explained Mark Greisiger, president and CEO of NetDiligence, in the report. “Some other positive trends are emerging: Wire fraud costs have steadily declined since 2020; healthcare SMBs appear to continue to benefit from declining average incident costs; and manufacturing SMBs saw their costs drop to a five-year low.

“In contrast, the financial services sector appears to be experiencing a sharp increase in incident costs, further highlighting the fact that cyber risk can – and usually does – evolve differently across different sectors.”

This year's report is based on data from more than 10,000 cyber insurance claims made between 2019 and 2023.

For SMEs in the professional services sector, the average incident cost increased from $199,000 in 2022 to $307,000 in 2023. In contrast, the average incident cost for SMEs in healthcare decreased from $583,000 in 2021 to $173,000 in 2023.

“SMBs in healthcare and manufacturing appear to be benefiting from a slight decline in incident costs,” said Mark Greisiger, president of NetDiligence, in a company press release. “However, the financial services sector is facing a sharp increase in incident costs, reminding us that cyber risk is evolving differently across industries.”

“The cost of cyber insurance claims remains significant, making it critical to address the issues that lead to high payouts,” said Ben Duffy, KYND's North America chief, in the report. “The approximately $40,000 gap and the significant correlation between incident costs and payouts underscore the unique value of cyber insurance in mitigating problems and helping insureds avoid uncovered costs. Organizations must continue to move beyond a reactive posture and take a proactive, holistic approach to cyber risk.”

Duffy added that rapid response to cybersecurity issues is critical to recovery.

“Rapid response combined with the most comprehensive and accurate information is critical to mitigating emerging cybersecurity issues. Continuous portfolio monitoring helps insurers identify affected organizations before notifications arrive and provides responders with the data they need to act quickly. By acting quickly and effectively, insurers can reduce both the cost of professional services and the impact of business interruption.”

According to the study, average business interruption and corresponding average incident costs have remained high since 2019. A decline in 2023 is most likely due to a lower number of claims collected so far for 2023, according to NetDiligence.

“We continue to see SMB clients transform their businesses to be more reliant on digital systems without understanding the inherent risks that come with complex digital ecosystems,” said Alden Hutchison, managing director of RSM US, in the report. “This becomes very apparent during the recovery process for a client when it is clear that they have neither planned for the resilience of their digital platform nor practiced the operation of their business processes during a crisis scenario. Helping companies understand their digital systemic risks and create an appropriate business resilience plan is critical.”

Earlier this week, BMW i Ventures announced that it had invested in a cybersecurity company specializing in software immunization.

RunSafe Security's $12 million Series B funding round was led by Critical Ventures and SineWave Venture Partners, according to a press release from BMW i Ventures. Also participating were Working Lab Capital, Lockheed Martin Ventures, HyperLink Ventures, Iron Gate Ventures, Alsop Loui Partners and NextGen Venture Partners.

RunSafe Security is known for protecting software from cyberattacks without disrupting developers' operations, the press release said. The company's solutions are adopted by industry leaders in various sectors such as aerospace, defense and energy.

In August, two major U.S. auto dealerships estimated their total losses at nearly $73 million following a ransomware attack on CDK in July.

According to CBT Global, CDK has promised financial assistance to more than 15,000 dealers affected by the attack. Following the cyberattack, dealers and accident centers have filed class action lawsuits.

Media reported that the company is believed to have paid a ransom of $25 million to the Eastern European hacker group BlackSuit following the attack, which initially resulted in a system outage lasting nearly two weeks.

Pictures

Photo credit: dem10/iStock

Split:

Related