Understanding the real cost of a data breach

Insights on the latest risks and associated damages


Authored by RSM US LLP


As cybersecurity threats and data security events continue to evolve, understanding the costs and resources necessary to respond to a data breach is essential. While incidents at large organizations tend to grab the majority of the headlines, attacks on small and middle market companies often result in more harmful reputational and financial damages.  

RSM US LLP is a proud sponsor of the 10th annual NetDiligence® Cyber Claims Study, which provides greater insight into data breaches and a glimpse into their associated damages. This year's report is the most comprehensive ever, featuring analysis of 3,457 claims arising from events that occurred between 2015 and 2019. The data from these claims has been analyzed and distilled into over 100 categories, including types and amounts of losses, incident causes, types of data exposed, business sectors affected, revenue size of claimants, and the financial impact of 24 different variations of cybercrimes, including ransomware, business email compromise, phishing, malware and rogue employees.  

To present more accurate pictures of the business impact of cyber events on smaller versus larger organizations, the NetDiligence report presents findings for small to medium enterprises (SMEs) separately from findings for large companies. For the purposes of this report, SMEs are defined as organizations with less than $2 billion in annual revenue, while large companies are defined as organizations with $2 billion or more in annual revenue. 

Underscoring the ongoing, persistent cybersecurity threat to the middle market, 98% of claims in this year’s survey ($589 million in total) came from SMEs, while the remaining 2% ($410 million in total) came from large companies.

“Recent data has shown how much hackers and other criminal enterprises are increasing their focus on small-to-midsize businesses,” said RSM Principal and Leader of National Security, Privacy and Risk Daimon Geopfert. “SMEs are often softer targets, because they typically don’t have the same depth of controls and protections in place as larger companies to quickly identify and prevent a breach. Knowing the costs associated with potential attacks can help organizations understand the challenges they are up against, and develop a proactive risk strategy.”  

Additional key study findings include:

  • The number of claims involving breaches from ransomware has increased dramatically in recent years, with 263 claims in 2019 compared to 19 claims in 2015.
  • Overall, ransomware was the leading cause of loss in the survey, averaging $175,000 in ransom amount and $275,000 in incident cost, both significant increases over last year’s report.
  • Ransomware, business email compromise and staff mistakes were the leading causes of loss for SMEs in 2019, while large companies most often encountered hackers, malware and viruses, and staff mistakes.
  • Among SMEs, health care, professional services and retail were the sectors that filed the most cyber claims in 2019, while among larger companies, health care, financial services and retail were most affected.

Download the 2020 NetDiligence Cyber Claims Study for more information and insights from the survey. In addition, read the 2020 RSM US Middle Market Business Index Cybersecurity Special Report for a deep dive into the sources of cybersecurity challenges facing middle market companies.