Data breaches are costing insurance companies much more as the average cost per incident hiked to $3.7 million in 2011 from $2.4 million in 2010, a new study said.
Based on insurance claims submitted in 2011 for incidents that occurred from 2009 to 2011, the average number of records exposed decreased 18% to 1.4 million, according to NetDiligence’s “Cyber Liability & Data Breach Insurance Claims — A Study of Actual Payouts for Covered Breaches.”
A typical breach ranged from $25,000 to $200,000 in insurance costs, according to the study.
Legal damages stemming from data breaches represented the bulk of insurance costs, at an average of $582,000 for legal defense costs and an average of $2.1 million in settlements costs, compared with $500,000 and $1 million, respectively, in 2010, the study said.
The average insurance cost for crisis management services was $983,000, an increase of $183,000 compared with the previous year.
Of the claims incidents submitted for this year’s study, 42% of the data exposed was the unauthorized disclosure of personally identifiable information, a 27% increased compared with 2010.
The second-most frequently exposed data was private health information at 15%, a decrease of 16% over the previous year.
The most breached business sectors included financial services and health care, accounting for 26% and 20% of insurance claims, respectively, in 2011.
The 2011 report examines claims payout information from 137 underwriters of cyber liability insurers.