2. Speakers
Jeremy Gittler
Vice President &
General Counsel
XL Group
New York, NY
John Mullen, Managing Partner, Lewis Brisbois Bisgaard & Smith – Moderator
Mark Greisiger
Founder
NetDiligence
Gladwyne, PA
James J. McQuaid
VP, Networking
Security Technology
AIG
New York NY
Kimberly A. Horn
Specialty Lines Claims
Beazley Group
New York, NY
Thomas Kang
ACE USA
Professional Risk
Los Angeles, CA
3.
4. 2014 Highlights of NetDiligence Cyber Claims Study
• Looked at approx. 140 claims reported to some 15 cyber liability insurers
• Per Breach Costs
– Average claim $733K (median $144k)
• Large Co = $2.9 mil
• Medium = $688k
• Small = $664k
• Per Record Costs
– Average per-record cost*** $956 (2013 was $307)
– Average records lost 2.4 million (Median records lost: 3.5K)
• Crisis Services Costs (forensics, legal counsel, notification & credit monitoring)
– Average cost of crisis services $366k ($737 in 2013)
– Median cost of crisis services $110K
• Legal Costs (defense & settlement)
– Average cost of defense $698K ($575K in 2013)
– Average cost of settlement $558K ( $258k in 2013)
5. 2014 Highlights of NetDiligenceCyber Claims Study
• Type of Data
– PII was the most frequently exposed data
(41% of breaches), followed by PHI (21%) and PCI (19%).
• Cause of Loss
– Hackers were the most frequent cause of loss (30%), followed by
Staff Mistakes (14%). (2013 stolen laptops was #1)
6. 2014 Highlights of NetDiligenceCyber Claims Study
• Business Sectors
– Healthcare most frequently breached (23%),
followed by Financial Services (22%).
• Company Size
– Micro-cap (under $300M) had most incidents (47% combined).
– Mid-Cap organizations ($2-$10B) lost the most records
7. Comparing 2014 Findings
$0.6
4.0
3.5
3.0
2.5
2.0
1.5
1.0
0.5
0.0
2.3
2.4
$733K
# of Records Per-Breach Cost Crisis Services Legal Defense Legal Settlement
2014
2013
2012
2011
Average # of Records Exposed & Cost by Type (in millions)
1.7
1.4
$3.7
$2.4
$1.0 $0.9
$0.5
$1.0
$2.1
$1.0
$0.4
$0.3
$0.1
.
Preliminary Findings – 2014 Study
$0.4
$0.7
$0.6
8. Comparing 2014 Crisis Services
Average Expense (in thousands)
700
600
500
400
300
200
100
0
Forensics Notification Legal Guidance
2014 2013 2012 2011
$101
$119
$341
$170
$66
$175
$198
$575
$469
$54
$242
Preliminary Findings – 2014 Study
$118
*All services provided directly to victims (notification, call center, credit monitoring
and ID restoration) are now consolidated under the term ‘Notification’.
9.
10. HHS Fines/Settlements
• With Fines the Severity might increase for losses in 2015
Source NetDiligence® ..eRisk Hub®