Chubb has been a leading provider of cyber risk solutions since the launch of our first product in 1998. As a result of these decades of experience, we have gained meaningful insights into the various perils and average costs associated with cyber incidents in direct relation to the many industries affected.
By sharing our industry specific experience, our aim is to increase awareness of cyber exposures for our insureds and broker partners. This information can aid executives, risk managers and information technology professionals in crafting their overall enterprise risk management framework including proactive loss mitigation as well as cyber insurance tailored for the organization.
Our past decade of claims experience helps to dispel the notion that cyber insurance only responds to hacking and that these technology driven incidents only target organisations which handle a significant amount of data. In fact, all companies face cyber exposures far beyond the sophisticated incidents which occupy the news headlines.
The following are average costs our insureds have incurred in responding to cyber incidents before any follow on liabilities like regulatory proceedings or other litigation. While liability issues can’t always be mitigated, the majority of claims costs result from direct crisis costs incurred to contain and remediate the incident.
While the healthcare industry has made up the largest share of our cyber claims, the distribution of claims across all industries continues to widen.
While hacking has represented a majority of cyber incidents for some industries like Retail, a large share of the incidents we handle stem from other scenarios like rogue employees or simple human errors. For example, healthcare organisations have faced a vast majority of human related issues as opposed to malicious hacks.
All industries share one common denominator of rising claims from human-related errors, with the increase more pronounced in some industries than others. These trends can provide important insights for organisations as they identify their vulnerabilities and areas to allocate proactive risk mitigation resources.