Risk company reports business email cybercrime claim costs have skyrocketed

There is a growing financial burden on small- to medium-sized enterprises (SMEs) when it comes to cybercrime, particularly due to the surge in Business Email Compromise (BEC) incidents, according to NetDiligence’s 14th annual Cyber Claims Study.

The average cost of a BEC claim skyrocketed from $84,000 in 2022 to a staggering $183,000 in 2023.

“While we’ve seen a significant increase in incident costs for business email compromise claims, there’s also been a reduction in losses related to general ‘hacker’ incidents,” stated Mark Greisiger, NetDiligence president and CEO, in the report. “Some additional positive trends noted include: wire fraud costs have steadily declined since 2020; healthcare SMEs appear to have continued to benefit from decreasing average incident costs; and manufacturing SMEs saw their costs drop to a five-year low.

“Conversely, the financial services sector appears to have experienced a sharp increase in incident costs, which continues to underscore the fact that cyber risk can — and usually does — evolve in different ways for different sectors.”

This year’s report is based on data from more than 10,000 cyber insurance claims that occurred from 2019 through 2023.

Professional services sector SMEs saw average incident costs surge from $199,000 in 2022 to $307,000 in 2023. In contrast, average incident costs for healthcare SMEs declined from $583,000 in 2021 to $173,000 in 2023.

“Healthcare and manufacturing SMEs seem to be benefiting from a modest drop in incident costs,” said Mark Greisiger, NetDiligence president, in a news release from the company. “However, the financial services sector is facing a sharp rise in incident costs, reminding us that cyber risks evolve differently across industries.”

“The cost of cyber insurance claims remains significant, making addressing the issues leading to high payouts crucial,” said Ben Duffy, KYND head of North America, in the report. “The ~$40K gap and significant correlation between incident costs and payouts underscores the particular value of cyber insurance in mitigating issues, helping insureds avoid uncovered costs. Organizations must continue to move beyond a reactive stance and adopt a proactive, holistic approach to cyber risk.”

Duffy added that a fast response to cybersecurity issues is critical to recovery.

“Rapid response, combined with the most comprehensive and accurate information, is crucial in mitigating cybersecurity issues as they arise. Continuous portfolio monitoring helps insurers identify affected organizations before notifications arrive, providing incident responders with the data they need to act quickly. Swift and effective action enables insurers to reduce both professional service costs and business interruption impacts.”

According to the study, average business interruption and corresponding average incident costs have remained high since 2019. A decrease  in 2023 is most likely a result of a smaller set of claims collected so far for 2023, NetDiligence said.

“We continue to see SME clients transform their businesses to be more reliant on digital systems while failing to understand the inherent risks that come from complex digital ecosystems,” said Alden Hutchison, RSM US principal, in the report. “This becomes very evident during the recovery process for a client where it’s clear they haven’t planned for resilience in their digital platform nor practiced operating their business processes during a crisis scenario. Helping educate companies on their digital systemic risks and build a proper resiliency plan for the business is vital.”

Earlier this week, BMW i Ventures announced it had invested in a cybersecurity firm that specializes in software immunization.

The $12 million Series B funding round for RunSafe Security was led by Critical Ventures and SineWave Venture Partners, a press release from BMW i Ventures says. It also included Working Lab Capital, Lockheed Martin Ventures, HyperLink Ventures, Iron Gate Ventures, Alsop Loui Partners, and NextGen Venture Partners.

RunSafe Security is known for protecting software from cyberattacks without disrupting developer operations, according to the release. It says the company’s solutions have been adopted by industry leaders across various sectors including aerospace, defense, and energy.

In August, two major U.S. auto dealerships estimated a combined loss of nearly $73 million following a ransomware attack on CDK in July.

CDK has promised financial relief to more than 15,000 dealerships impacted by the attack, according to CBT Global. Class action lawsuits were filed by dealerships and collision centers following the cyberattack.

Media reported the company likely paid a $25 million ransom to Eastern European hacking group BlackSuit following the attack that caused systems first to shut down for nearly two weeks.

Images

Featured image credit: dem10/iStock

Share This:

Related