Every day we hear about a new cyber attack somewhere. It’s a large business or corporation, or a large or small city. Sometimes it’s a small business. Governments are vulnerable. Individuals are vulnerable.
The list of who’s been hit keeps growing. So do the costs.
The Internet Society’s Online Trust Alliance (OTA) took a look at statistics and came up with a claims cost total for all of 2018. Incidents like those just described had losses of $45 billion.
And that’s just the incidents that have been reported.
All this is from the OTA Cyber Incident and Breach Trends report. It looked at over two million cyber incidents. This includes record exposures, ransomware attacks, data breaches and other forms of cyber crime. The financial impact — that $45 billion just mentioned — rose 60% from 2017 to 2018. Attacks on business emails doubled. Cryptojacking incidents tripled.
“All of this begs the question ‘are things getting better or worse?’” the OTA report said. “The answer is ‘both’ — as some types of attacks wane, others rise. What is very clear is that there are too many cyber incidents creating an unacceptable level of financial impact.”
Data breaches are the way most of us lose our personal data. The good news there is the number of records exposed in 2018 dropped to five million. They’re down 35.9%.
Before you think that’s good, OTA spokesman Jeff Wilber said there is no real reason to be optimistic. “While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” Wilbur said. “So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past.”
Specialty insurer NAS Insurance did a study of cyber claims in 2018. In the NAS Insurance 2019 Cyber Claims Digest the company looked at the most common causes of those claims.
One thing that is most common between 2017 and 2018 is the high cost of claims in both healthcare and the non-healthcare sectors. NAS Insurance spokesman Jeremy Barnett said IT forensics and breach coaching and legal expenses are what drove up costs the most.
“IT forensics expenses are those related to the investigation of a breach, examination of what data may have been exposed or exfiltrated, crypto-currency procurement and payment, and data decryption and/or system restoration,” Barnett noted. “Breach coach/legal expenses are related to the legal fees incurred in managing the breach response, coordination of vendors and defense costs, where applicable.”
• 45% of all cyber claim costs were in the healthcare
• Just 9% of all cyber claims were in healthcare in 2017
• IT forensic costs were flat in 2018
• However, in 2017 they accounted for 33% of all claims expenses
Non healthcare claims:
• Forensic costs rose 105% from 2017 to 2018
• They account for 51% of all claims costs
• Breach coach and legal expenses rose 72% over 2017
• They are 30% of all cyber claims expenses
“In 2018, while the number of breaches increased, the universe of affected individuals decreased 34%,” Barnett pointed out. “Among non-healthcare businesses, the overall number of cyber incidents grew 38%. This sharp uptick also led to significant increases in the costs of responding to the incidents, in every category, with the greatest increase in notification and forensics costs.”
Sadly, the OTA report said 95% of data breaches in 2018 were preventable. Common sense and some simple security approaches like employee education on data security and privacy and the establishment of relationships with data protection officials would have helped.
Source links: The Hill, Insurance Business America