Risk management firm reports costs of cybercrime claims related to business emails have skyrocketed

Small and medium-sized businesses (SMBs) are facing increasing financial burdens, particularly due to the rise in business email compromise (BEC) incidents, according to NetDiligence’s 14th annual Cybercrime Claims Study.

The average cost of a BEC claim has skyrocketed from $84,000 in 2022 to $183,000 in 2023.

“While we saw a significant increase in incident costs related to business email compromise claims, we also saw a reduction in losses related to general ‘hacking’ incidents,” Mark Greisiger, NetDiligence president and CEO, said in the report. “Other positive trends include: electronic fraud costs have steadily declined since 2020; healthcare SMBs appear to have continued to benefit from lower average incident costs; and manufacturing SMBs saw their costs drop to a five-year low.”

“Conversely, the financial services sector appears to have seen a sharp increase in incident costs, which continues to highlight the fact that cyber risk can and does evolve in different ways across sectors.”

This year’s report is based on data from more than 10,000 cyber insurance claims that occurred between 2019 and 2023.

SMEs in the professional services sector saw average incident costs increase from $199,000 in 2022 to $307,000 in 2023. In contrast, average incident costs for SMEs in the healthcare sector decreased from $583,000 in 2021 to $173,000 in 2023.

“SMBs in healthcare and manufacturing appear to be experiencing modest declines in incident costs,” said Mark Greisiger, president of NetDiligence, in a company press release. “However, the financial services sector is facing sharp increases in incident costs, reminding us that cyber risks evolve differently across industries.”

“Cyber insurance claims costs remain significant, making it critical to address the issues that lead to high payouts,” said Ben Duffy, KYND’s North America leader, in the report. “The gap of approximately $40,000 and the significant correlation between incident costs and payouts underscore the unique value of cyber insurance in mitigating issues, helping policyholders avoid uncovered costs. Organizations must continue to move beyond a reactive posture and take a proactive, holistic approach to cyber risk.”

Duffy added that a rapid response to cybersecurity issues is critical to recovery.

“Rapid response, combined with complete and accurate information, is critical to mitigating cybersecurity issues as they arise. Continuous portfolio monitoring helps insurers identify impacted organizations before notifications arrive, providing incident responders with the data they need to act quickly. Rapid and effective action helps insurers reduce both professional services costs and the impacts of business interruption.”

According to the study, average business interruptions and corresponding average incident costs have remained high since 2019. A decrease in 2023 is most likely the result of a smaller number of claims collected so far for 2023, NetDiligence said.

“We continue to see SMB clients transform their businesses to rely more heavily on digital systems without understanding the risks inherent in complex digital ecosystems,” Alden Hutchison, director of RSM US, said in the report. “This becomes very evident during the recovery process for a client when it is clear that they have not planned for resiliency in their digital platform or practiced operating their business processes in a crisis scenario. It is critical to help companies be informed of their digital systemic risks and develop an appropriate resiliency plan for the business.”

Earlier this week, BMW i Ventures announced that it had invested in a cybersecurity company that specializes in software immunization.

The $12 million Series B funding round for RunSafe Security was led by Critical Ventures and SineWave Venture Partners, a BMW i Ventures press release said. It also included Working Lab Capital, Lockheed Martin Ventures, HyperLink Ventures, Iron Gate Ventures, Alsop Loui Partners and NextGen Venture Partners.

RunSafe Security is known for protecting software from cyberattacks without disrupting developers’ operations, the statement said. The company’s solutions have been adopted by industry leaders across a variety of sectors, including aerospace, defense and energy.

In August, two major U.S. auto dealers estimated a combined loss of nearly $73 million following a ransomware attack on CDK in July.

According to CBT Global, CDK has promised financial assistance to more than 15,000 dealerships affected by the attack. Class action lawsuits have been filed by dealerships and collision centers following the cyberattack.

Media reported that the company likely paid a $25 million ransom to Eastern European hacking group BlackSuit after the attack that shut down systems for nearly two weeks.

Main image credits: dem10/iStock
