Mike Tsikoudakis reports:
The average insurance cost per data breach incident increased sharply from $2.4 million in 2010 to $3.7 million in 2011, according to a new NetDiligence study released Tuesday.
Based on insurance claims that were submitted in 2011 for incidents that occurred from 2009 to 2011, the average number of records exposed decreased 18% to 1.4 million, according to NetDiligence’s “Cyber Liability & Data Breach Insurance Claims — A Study of Actual Payouts for Covered Breaches.”
A typical breach ranged from $25,000 to $200,000 in insurance costs, according to the study.
Read more on Business Insurance.
If NetDiligence’s figures seem lower than Ponemon’s, they offer an explanation:
When compared with the Ponemon Institute’s Seventh Annual U.S. Cost of a Data Breach Study, our figures appear to be extremely low. The institute reported an average cost of $5.5 million per breach and $194 per record. However, Ponemon differs from our study in two distinct ways: the data they gather is from a consumer perspective and as such they consider a broader range of cost factors such as detection, investigation and administration expenses, customer defections, opportunity loss, etc. Our study concentrates strictly on costs from the insurer’s perspective and therefore provides a more focused view of breach costs.
The NetDiligence study also focuses primarily on insured per-breach costs, rather than per-record costs.
You can find the study on NetDiligence.