2014 Cyber Attacks Reviewed
For the last four years, cyber risk management firm Net Diligence has done a report on cyber insurance claims for the year…and 2014 has been a hell of a year for cyber attacks. This year’s report has been published and has some very interesting findings pertaining to the startup community. An excerpt from the introductory pages reads:
“For this study, we asked insurance underwriters about data breaches and the claim losses they sustained. We looked at the type of data exposed, the cause of loss, the business sector in which the incident occurred and the size of the affected organization. For the first time, this year we also looked at the two additional data points: was there insider involvement and was a third- party vendor responsible for the incident.”
While the general claims data is valuable, the 3rd party vendor data is particularly important for startups. From AWS to Heroku to WordPress, almost all startups use a slew of these vendors to host and deploy their apps and content.
Here are the biggest takeaways from this year’s study:
- Startups accounted for roughly 23% of claims reported. The study considered 3 revenue ranges for “small revenue” companies. Companies under $2B accounted for 75% of the claims studied and companies under $50M in revenues accounted for 23%.
- 20% of claim situations arose due to an error of a 3rd party vendor.
- Healthcare and financial services were the 2 most frequently breached areas, collectively accounting for 55% of the studied breach incidents. The study notes that the healthcare space has seen a rise in claims due to a more aggressive approach taken by state attorney generals in recent years.
- The average cost to defend a data breach claim was $698,797. The average cost for legal settlement was $558,520.
The key takeaway here is that while Home Depot and Target have received most of the data breach press over the last year, it doesn’t mean that startups are any less of a target. Furthermore, some of the areas most ripe for disruption – Healthcare and Fintech – are particularly exposed to cyber risks. A base level cyber insurance policy with $1M limits can go a long way for a company that plans on making big waves in one of these areas.