Average insurance cost per data breach rises to $3.7M: Study

Mike Tsikoudakis reports:

The average insurance cost per data breach incident increased sharply from $2.4 million in 2010 to $3.7 million in 2011, according to a new NetDiligence study released Tuesday.

Based on insurance claims that were submitted in 2011 for incidents that occurred from 2009 to 2011, the average number of records exposed decreased 18% to 1.4 million, according to NetDiligence’s “Cyber Liability & Data Breach Insurance Claims — A Study of Actual Payouts for Covered Breaches.”

A typical breach ranged from $25,000 to $200,000 in insurance costs, according to the study.

Read more on Business Insurance.

If NetDiligence’s figures seem lower than Ponemon’s, they offer an explanation:

When compared with the Ponemon Institute’s Seventh Annual U.S. Cost of a Data Breach Study, our figures appear to be extremely low. The institute reported an average cost of $5.5 million per breach and $194 per record. However, Ponemon differs from our study in two distinct ways: the data they gather is from a consumer perspective and as such they consider a broader range of cost factors such as detection, investigation and administration expenses, customer defections, opportunity loss, etc. Our study concentrates strictly on costs from the insurer’s perspective and therefore provides a more focused view of breach costs.

The NetDiligence study also focuses primarily on insured per-breach costs, rather than per-record costs.

You can find the study on NetDiligence.

About the author: Dissent