Understanding the real cost of a data breach
Insights on the latest risks and associated damages
INSIGHT ARTICLE |
Authored by RSM US LLP
As cybersecurity threats and data security events continue to evolve, understanding the costs and resources necessary to respond to a data breach is essential. While incidents at large organizations tend to grab the majority of the headlines, attacks on small and middle market companies often result in more harmful reputational and financial damages.
RSM US LLP is a proud sponsor of the 10th annual NetDiligence® Cyber Claims Study, which provides greater insight into data breaches and a glimpse into their associated damages. This year's report is the most comprehensive ever, featuring analysis of 3,457 claims arising from events that occurred between 2015 and 2019. The data from these claims has been analyzed and distilled into over 100 categories, including types and amounts of losses, incident causes, types of data exposed, business sectors affected, revenue size of claimants, and the financial impact of 24 different variations of cybercrimes, including ransomware, business email compromise, phishing, malware and rogue employees.
To present more accurate pictures of the business impact of cyber events on smaller versus larger organizations, the NetDiligence report presents findings for small to medium enterprises (SMEs) separately from findings for large companies. For the purposes of this report, SMEs are defined as organizations with less than $2 billion in annual revenue, while large companies are defined as organizations with $2 billion or more in annual revenue.
To emphasize the ongoing, persistent cybersecurity threat to the middle market, 98% of claims in this year’s survey ($589 million in total) came from SMEs, while the remaining 2% ($410 million in total) came from large companies.
“Recent data has shown how much hackers and other criminal enterprises are increasing their focus on small-to-midsize businesses,” said RSM Principal and Leader of National Security, Privacy and Risk Daimon Geopfert. “SMEs are often softer targets, because they typically don’t have the same depth of controls and protections in place as larger companies to quickly identify and prevent a breach. Knowing the costs associated with potential attacks can help organizations understand the challenges they are up against, and develop a proactive risk strategy.”
Additional key study findings include:
- The number of claims involving breaches from ransomware has increased dramatically in recent years, with 263 claims in 2019 compared to 19 claims in 2015.
- Overall, ransomware was the leading cause of loss in the survey, averaging $175,000 in ransom amount and $275,000 in incident cost, both a significant increase over last year’s report.
- Ransomware, business email compromise and staff mistakes were the leading cause of loss for SMEs in 2019, while large companies encountered hackers, malware and viruses and staff mistakes most often.
- Health care, professional services and retail were the SMEs that filed the most cyber claims in 2019, while larger companies in health care, financial services and retail were most affected.
Download the 2020 NetDiligence Cyber Claims Study for more information and insights from the survey. In addition, read the 2020 RSM US Middle Market Business Index Cybersecurity Special Report for a deep dive into the sources of cybersecurity challenges facing middle market companies.
Call us at +1 213.873.1700, email us at email@example.com or fill out the form below and we'll contact you to discuss your specific situation.
This article was written by RSM US LLP and originally appeared on 2020-11-23.
2020 RSM US LLP. All rights reserved.
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/about us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.
Vasquez & Company LLP is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.
Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.
For more information on how Vasquez & Company LLP can assist you, please call +1 213.873.1700.
Subscribe to receive important updates from our Insights and Resources.