Ransomware drove cyber losses for small, medium businesses

Over the past five years, SMBs have faced an average ransom of $247,000 and around $350,000 in recovery costs per incident.

“With ransomware again the number one cause of loss, we will be watching closely to see whether cyber policyholders, especially SMEs, deploy sufficient cybersecurity safeguards to reduce their ransomware exposure and qualify for ransomware coverage,” Mark Greisiger, NetDiligence president, said. (Credit: zephyr_p/Adobe Stock)

During the past five years, ransomware has accounted for 40% of total incident costs related to cyber claims made by small- and medium-sized enterprises (SMEs), according to a study by NetDiligence, which also found SMEs face an average ransom of $247,000, while the cost to recover from an incident is around $350,000 for these size businesses.

Ransomware accounted for 32% of all SMEs’ cyber claims going back five years, while hackers made up the second most with 10% of claims. These two were followed by business email compromises, staff mistakes and phishing, respectively.

The average cost for large companies to respond to a cyberattack across incidents was $10.1 million, the cyber risk assessment company reported. For the study, SMEs had revenues of approximately $84 million, while large companies had average revenues of $11 billion.

Ransomware also accounted for nearly 80% of cyber claims with a business interruption loss and 81% of claims with a recovery expense loss. During 2020, the average recovery expense loss was $107,000, while the five-year average was $49,000.

“With ransomware again the number one cause of loss, we will be watching closely to see whether cyber policyholders, especially SMEs, deploy sufficient cybersecurity safeguards to reduce their ransomware exposure and qualify for ransomware coverage,” Mark Greisiger, NetDiligence president, said in a release. “If not, the challenge will be how we, as an industry, can help them get there.”

The study showed some positive trends, such as a reduction in the average cost of a hacking incident, which dropped from $634,000 to $430,000. “And within the financial sector, the average incident cost fell from $237,000 to $112,000,” Greisiger added.

The study also found that professional services accounted for the most cyber claims during the past five years, NetDiligence reported. Health care saw the second most, followed by manufacturing, retail and technology, respectively. These sectors have been atop this list stretching back more than a few years because these industries represent valuable and easy targets.

Related: