Upload
hb-litigation-conferences
View
87
Download
0
Embed Size (px)
DESCRIPTION
Presented at NetDiligence Cyber Risk & Privacy Liability Forum in Santa Monica, Calif., Oct. 8-9, 2014.
Citation preview
NetDiligence®
Cyber Risk & PrivacyLiability Forum October 8-9, 2014
Speakers
Jeremy Gittler
Vice President & General Counsel
XL Group
New York, NY
Mark Greisiger
Founder
NetDiligence
Gladwyne, PA
James J. McQuaid
VP, Networking Security Technology
AIG
New York NY
Kimberly A. Horn
Specialty Lines Claims
Beazley Group
New York, NY
Thomas Kang
ACE USA Professional Risk
Los Angeles, CA
John Mullen, Managing Partner, Lewis Brisbois Bisgaard & Smith – Moderator
2014 Highlights of NetDiligence Cyber Claims Study• Looked at approx. 140 claims reported to some 15 cyber liability insurers
• Per Breach Costs
– Average claim $733K (median $144k)
• Large Co = $2.9 mil
• Medium = $688k
• Small = $664k
• Per Record Costs
– Average per-record cost*** $956 (2013 was $307)
– Average records lost 2.4 million (Median records lost: 3.5K)
• Crisis Services Costs (forensics, legal counsel, notification & credit monitoring)
– Average cost of crisis services $366k ($737 in 2013)
– Median cost of crisis services $110K
• Legal Costs (defense & settlement)
– Average cost of defense $698K ($575K in 2013)
– Average cost of settlement $558K ( $258k in 2013)
• Type of Data
– PII was the most frequently exposed data
(41% of breaches), followed by PHI (21%) and PCI (19%).
• Cause of Loss
– Hackers were the most frequent cause of loss (30%), followed by
Staff Mistakes (14%). (2013 stolen laptops was #1)
2014 Highlights of NetDiligence Cyber Claims Study
2014 Highlights of NetDiligence Cyber Claims Study
• Business Sectors– Healthcare most frequently breached (23%),
followed by Financial Services (22%).
• Company Size– Micro-cap (under $300M) had most incidents (47% combined).– Mid-Cap organizations ($2-$10B) lost the most records
$0.6
Comparing 2014 Findings
# of Records Per-Breach Cost Crisis Services Legal Defense Legal Settlement0.00.51.01.52.02.53.03.54.0
2014201320122011
Average # of Records Exposed & Cost by Type (in millions)
1.71.4
$3.7
$2.4
$0.9 $1.0
$0.5
$1.0
$2.1
$1.0
$0.4 $0.3$0.1
.
Preliminary Findings – 2014 Study
2.32.4
$733K
$0.4
$0.7 $0.6
Comparing 2014 Crisis ServicesAverage Expense (in thousands)
Forensics Notification Legal Guidance0
100
200
300
400
500
600
700
2014 2013 2012 2011
$101$119
$341
$170
$66$175
$198
$575
$469
$54
$242
Preliminary Findings – 2014 Study
$118
*All services provided directly to victims (notification, call center, credit monitoring and ID restoration) are now consolidated under the term ‘Notification’.
HHS Fines/Settlements • With Fines the Severity might increase for losses in 2015
Source NetDiligence® ..eRisk Hub®