Cyber Claims Digest for 2020 Planning

Analysis of 2018 Cyber Claims Data by Society Insurance

Ransomware. Business email compromise. Spear phishing. This is the new language of business risk. Whether it’s a massive data breach that exposes customer information, or an automated ransomware attack that extorts bitcoin payments from a small business owner, the cybercrime wave continues to swell as the cybercrime economy becomes more sophisticated.

The threat of cyber attacks continues to top the list of executive concerns around the globe. According to the latest survey by The Conference Board, US-based CEO’s rank cybersecurity as their number one concern.

And here’s why…

Statistics on Cyber Attacks

  • The Identity Theft Resource Center reports that in 2018 over 1,200 incidents have exposed 440 million records of personal information, an increase of 126% over 2017.
  • CyberSecurity Ventures reports that ransomware cost businesses $5 billion worldwide in 2017 and upwards of $8 billion in 2018. And a recent report from the Insurance Industry Cybercrime Task Force noted that ransomware payment demands have significantly increased. “Demands of $250,000 to $500,000 were non-existent six months ago and are now a weekly occurrence.”
  • According to the 2018 Verizon Data Breach Investigations Report, 59% of all cyberattacks targeted small businesses. Costs to respond and recover from these attacks averaged almost $385,000. While the nature and extent of attacks on small business vary greatly, 67 percent of small businesses experienced a cyberattack and 58 percent experienced a data breach in the last 12 months.

Cyber Claims Overview

This report is based on nearly 1,800 cyber claims closed in the 2018 calendar year, up 15% over 2017. Overall, policyholders’ claims grew by 38% and cybercrime claims almost doubled from 2017—led by financial fraud.

Overall, policyholders’ claims grew by 38% and cybercrime claims almost doubled from 2017—led by financial fraud.

[Download graphic: 5 Ways Business Owners Put Data At Risk]

Financial Fraud

The most significant increase of cybercrime activity is in financial fraud, with an 89% increase over 2017 claims. Fraudulent transactions are often a result of email phishing schemes.

Phishing Fraud

Phishing schemes have become commonplace and effective—and they are becoming harder to recognize. Phishing attacks rely on human tendencies to trick people into revealing sensitive information, downloading malware, or committing financial fraud. Common phishing examples frequently come from sources with authority, such as: banks, financial institutions, the IRS, police, or company executives.

‘Spear-fishing’ targets a specific individual. Thieves are diligent in gathering background information on their targets from social media, blogs and other websites to appear more credible when crafting their scams. Attackers then play on emotional triggers including fear, urgency, and authority to trick their target into making impulsive decisions without thinking.

While phishing attacks at times led to a data breach in 2018, they often led to financial fraud, like fraudulent payments or wire transfers of funds to fraudulent accounts due to cybercriminals posing as policyholder clients or business partners.


Hacking is a method in which cybercriminals illegally gain access to computers. In many 2018 cases, this led to data exposure and data theft. Consequently, policyholders incurred substantial cyber breach response costs.


In 2017 and 2018, ransomware events were front and center as an area of great concern for insureds and remained the second-most cause of loss among cyber claims in each year. Over the past two years, 90 ransomware incidents were resolved among a broad range of businesses. Payment demands were wide-ranging and topped out over $30,000 (and in a variety of currencies). In addition to the actual ransom payments, the technical and legal expenses associated with negotiating and paying the cryptocurrency demands often tripled or quadrupled the cost of resolving the issue with
expenses often soaring over $70,000.

While in years past there has been a growing frequency of ransomware claims, the costs to recover and the demands for payment were not nearly as concerning as this year. In 2019, there has been a huge shift with ransom demands often 10 times more than in years past. In three separate events, ransom demands have ranged from $100,000 to $1.2 million. And, according to a broader study by the NetDiligence Industry Cybercrime Task Force, other carriers are seeing this trend of much higher ransom demands. As ransom demands climb, greater awareness and preparedness among
business owners is critical.

Costs of Cyber Claim

Consistent with 2017 data, the largest costs associated with cyber claims were IT forensics and breach coach/legal expenses.

IT forensic expenses are those related to the investigation of a breach, examination of what data may have been exposed or exfiltrated, cryptocurrency procurement and payment, and data decryption and/or system restoration. IT forensics
costs were up 105% over 2017 and represent 51% of the overall costs of cyber claims.

Breach coach/legal expenses are related to the legal fees incurred in managing the breach response, coordination of vendors and defense costs (where applicable). Breach coach/legal expenses were up 72% over 2017 and represent 30% of overall cyber claims expenses.

2018 Allocation of Cyber Claims Costs

Breach coach/legal expenses were up 72% over 2017 and represent 30% of overall cyber claims expenses.

Growing Response Costs

The overall number of cyber incidents grew 38%. This sharp uptick also led to significant increases in the costs of responding to the incidents in most categories, with the greatest increase in ‘notification’ and ‘IT forensics’ costs.

The overall number of cyber incidents grew by 38%. This sharp uptick also led to significant increases in the costs of responding to the incidents in most categories.

Preventing & Mitigating Losses from a Cyber Attack

We are often asked for suggestions or guidance on how to reduce the risk of a cyber incident. Given the complexity of ‘cyber incidents’ and the wide range of types of attacks, there are no easy answers. However, the more prepared an organization is to repond, the faster they recover.

Explore our data security blog series for educational resources.

As a means of ‘first response’ to a suspected incident, here’s a helpful guide of what to do in various situations to help mitigate the impact:

Helpful guide of what to do in various situations to help mitigate the impact of data breach or cyber attacks.

Keeping Vigilant & Informed of Cyber Incidents

Throughout 2018, we saw a broad range of cyber incidents and a wide variance in the costs of claims. In 2019, the greatest concern is the shift in the severity of these activities. Greater awareness and preparedness is critical.

Business owners should consider an extra layer of protection by adding cyber liability coverage to their current insurance plan. Get in touch with your local Society agent today to learn more.


As a mutual insurance company, we operate and exist for the benefit of our policyholders. For more than 100 years, Society has been helping businesses overcome the unexpected with comprehensive coverage packages and outstanding claims handling, underwriting and risk management.

Latest Articles

Resolving Conflict in the Workplace Amicably

On average, 85% of employees will experience conflict in the workplace (Essential Workplace...

The Benefits of Active Listening in the Workplace

When people on a team struggle to listen to each other,...

Can You Use FMLA for Mental Health?

The Family and Medical Leave Act (FMLA) guarantees qualified workers the right to unpaid leave for...

Why Remote Teams Need Inclusive Workplace Practices

For most businesses, remote work is now a way of life in some capacity. Advances in technology and...

How to Motivate Employees as a Manager During Uncertain Times

As a manager in the restaurant industry, it can be challenging to motivate your employees during...

3 Reasons Why Authenticity in the Workplace Matters

Regardless of industry, a business is only as strong as its employees. Even the best products,...

Top Advice For Graduates Trying to Start a Career

As of 2020, there is an average of over 4 million students who have graduated from colleges in the...


Originally published January 29, 2019, updated January 18, 2023. Many parts of the country are no...

A Guide to Safe Keg Handling

At one time or another, almost everyone who works in the restaurant and bar industry has been...

2022 Year in Review

Society Insurance is committed to providing blog posts to help business owners optimize daily...

Stay up to date with industry updates by subscribing to the Society Insurance blog!