A New Study on Cyber Incident Costs
A new study has found that the fastest-growing cost associated with cyber incidents is business interruption. This highlights the need for businesses to establish strong response and data restoration measures, especially after a ransomware attack.
Between 2019 and 2023, the average cyber insurance claim involving business interruption cost 450% more than claims without lost income, according to the “2024 NetDiligence Cyber Claims Study.”
Business interruption can occur if a cyberattack, such as ransomware, fully or partially disables a company’s operations. It can also result from a cyberattack on a vendor that causes losses or operational shutdowns for the client company. This is called “contingent business interruption,” which may arise if an attack disrupts a supplier’s production that is crucial to another company’s operations.
Small and Mid-Sized Firm Losses
Claims with no business interruption losses:
- Crisis services: $96,000
- Regulatory and legal: $24,000
- Total incident cost: $205,000
Claims with business interruption:
- Business interruption: $487,000
- Crisis services: $279,000
- Recovery expense: $115,000
- Total incident cost: $995,000
For large companies, the average business interruption cost was $26 million, with total incident costs averaging $36 million between 2019 and 2023.
What You Can Do
To reduce the chances of a cyberattack, implement robust systems, policies, and training within your organization. One study author noted that many clients lack preparedness, which becomes evident during the recovery process when resilience and crisis management are untested.
Expert Recommendations
- Disconnect all networks: As soon as a threat is discovered, disconnect all devices from the network to prevent the attack from spreading.
- Conduct regular backups: Store backups in a secure, offsite location for swift recovery. Be cautious, as ransomware can remain dormant for months, potentially infecting backups. Run anti-malware software on all systems before restoring.
- Make detailed plans: Develop a response plan with clearly defined roles, responsibilities, and recovery priorities.
- Continuously monitor: Keep an eye on network traffic for suspicious activity to detect threats early.
Cyber Coverage
A comprehensive cyber insurance policy is essential. Most policies cover business interruption due to internal cyber events and contingent business interruption from events affecting vendors. You can often work with us to customize your cyber policy to meet your business’s unique needs.