Average insurance cost per data breach rises to $3.7M: Study

The average insurance cost per data breach incident increased sharply in 2011.

The average insurance cost per data breach incident increased sharply from $2.4 million in 2010 to $3.7 million in 2011, according to a new NetDiligence study released Tuesday.

Based on insurance claims that were submitted in 2011 for incidents that occurred from 2009 to 2011, the average number of records exposed decreased 18% to 1.4 million, according to NetDiligence's “Cyber Liability & Data Breach Insurance Claims — A Study of Actual Payouts for Covered Breaches.”

A typical breach ranged from $25,000 to $200,000 in insurance costs, according to the study.

Legal damages stemming from data breaches represented the bulk of insurance costs, at an average of $582,000 for legal defense costs and an average of $2.1 million in settlements costs, compared with $500,000 and $1 million, respectively, in 2010.

The average insurance cost for crisis management services was $983,000, an increase of $183,000 compared with the previous year.

Of the claims incidents submitted for this year's study, 42% of the data exposed was the unauthorized disclosure of personally identifiable information, a 27% increased compared with 2010.

The second-most frequently exposed data was private health information at 15%, a decrease of 16% over the previous year.

The most breached business sectors included financial services and health care, accounting for 26% and 20% of insurance claims, respectively, in 2011.

The 2011 report examines claims payout information from 137 underwriters of cyber liability insurers.

For a summary of the report, click here.