Login Register Subscribe
Current Issue

Payouts average $2.9M per cyber loss claim for large companies


Large companies’ average claim payout for a cyber-related loss is $2.9 million, while the average payout in the health care sector is $1.3 million, according to a study of insurance claims.

The study covered 117 data breach insurance claims, of which 111 involved the exposure of sensitive personal data in a variety of business sectors. The fourth annual NetDiligence Cyber Claims Study was released Wednesday by Gladwynne, Pennsylvania-based Network Standard Co., which does business as NetDiligence.

Personally identifiable information is the most frequently exposed data, accounting for 41% of breaches, according to the latest study. In the 2013 study, such data accounted for 28.7% of breaches.

Among other data in the study, hackers were the most frequent cause of loss, accounting for 30% of the total, followed by staff mistakes, at 14%. Third parties accounted for 20% of claims submitted, while there was insider involvement in 32% of the submitted claims.

The median number of records lost was 3,500, while 2.4 million was the average. The median claim payout was $144,000, and the average claim payout was $733,109. The median per-record cost was $19.84, while the average was $956.21.

The study said the median cost for crisis services, including forensics, notification, legal guidance and other miscellaneous factors, was $110,594, while the average was $366,484.

The median cost for legal defense was $283,300 while the average was $698,797. The median cost for legal settlement was $150,000, and the average cost was $558,520.

Sponsoring the study was Austin, Texas-based AllClear ID, an identity theft protection and data breach response company; Chicago-based McGladrey L.L.P., an assurance, tax and consulting firm, and security testing firm ICSA Labs, a unit of New York-based Verizon Communications Inc.