NetDiligence®

Cyber Risk & PrivacyLiability Forum October 8-9, 2014

Speakers

Jeremy Gittler

Vice President & General Counsel

XL Group

New York, NY

Mark Greisiger

Founder

NetDiligence

Gladwyne, PA

James J. McQuaid

VP, Networking Security Technology

AIG

New York NY

Kimberly A. Horn

Specialty Lines Claims

Beazley Group

New York, NY

Thomas Kang

ACE USA Professional Risk

Los Angeles, CA

John Mullen, Managing Partner, Lewis Brisbois Bisgaard & Smith – Moderator

2014 Highlights of NetDiligence Cyber Claims Study• Looked at approx. 140 claims reported to some 15 cyber liability insurers

• Per Breach Costs

– Average claim $733K (median $144k)

• Large Co = $2.9 mil

• Medium = $688k

• Small = $664k

• Per Record Costs

– Average per-record cost*** $956 (2013 was $307)

– Average records lost 2.4 million (Median records lost: 3.5K)

• Crisis Services Costs (forensics, legal counsel, notification & credit monitoring)

– Average cost of crisis services $366k ($737 in 2013)

– Median cost of crisis services $110K

• Legal Costs (defense & settlement)

– Average cost of defense $698K ($575K in 2013)

– Average cost of settlement $558K ( $258k in 2013)

• Type of Data

– PII was the most frequently exposed data

(41% of breaches), followed by PHI (21%) and PCI (19%).

• Cause of Loss

– Hackers were the most frequent cause of loss (30%), followed by

Staff Mistakes (14%). (2013 stolen laptops was #1)

2014 Highlights of NetDiligence Cyber Claims Study

2014 Highlights of NetDiligence Cyber Claims Study

• Business Sectors– Healthcare most frequently breached (23%),

followed by Financial Services (22%).

• Company Size– Micro-cap (under $300M) had most incidents (47% combined).– Mid-Cap organizations ($2-$10B) lost the most records

$0.6

Comparing 2014 Findings

# of Records Per-Breach Cost Crisis Services Legal Defense Legal Settlement0.00.51.01.52.02.53.03.54.0

2014201320122011

Average # of Records Exposed & Cost by Type (in millions)

1.71.4

$3.7

$2.4

$0.9 $1.0

$0.5

$1.0

$2.1

$1.0

$0.4 $0.3$0.1

.

Preliminary Findings – 2014 Study

2.32.4

$733K

$0.4

$0.7 $0.6

Comparing 2014 Crisis ServicesAverage Expense (in thousands)

Forensics Notification Legal Guidance0

100

200

300

400

500

600

700

2014 2013 2012 2011

$101$119

$341

$170

$66$175

$198

$575

$469

$54

$242

Preliminary Findings – 2014 Study

$118

*All services provided directly to victims (notification, call center, credit monitoring and ID restoration) are now consolidated under the term ‘Notification’.

HHS Fines/Settlements • With Fines the Severity might increase for losses in 2015

Source NetDiligence® ..eRisk Hub®