NAS Insurance’s recent analysis of 2018 cyber claims brought some interesting findings to light. It identified the most common causes of cyber claims last year and provided examples of some real claims scenarios that the company faced. The report also highlighted how cyber claims are evolving and pointed to some important changes.
One area that remained consistent with 2017, however, was the cost of cyber claims: across both healthcare and non-healthcare claims, the largest costs associated with cyber claims were IT forensics and breach coach/legal expenses.
“IT forensics expenses are those related to the investigation of a breach, examination of what data may have been exposed or exfiltrated, crypto-currency procurement and payment, and data decryption and/or system restoration,” explains Jeremy Barnett, senior vice president of marketing at NAS Insurance. “Breach coach/legal expenses are related to the legal fees incurred in managing the breach response, coordination of vendors and defense costs, where applicable.”
The NAS Insurance 2019 Cyber Claims Digest did find some significant upticks in a specific loss area. Among healthcare insureds, breach coach/legal expenses in 2018 led all categories and represented 45% of cyber claims costs vs only 9% in 2017. IT forensics expenses among healthcare policyholders were relatively flat vs 2017, however - they comprised 33% of overall claims expenses for the category.
“For non-healthcare claims, the IT forensics costs were up 105% over 2017 and represented 51% of the overall costs of cyber claims,” Barnett says. “Breach coach/legal expenses were up 72% over 2017, and represented 30% of overall cyber claims expenses.”
Among NAS’s healthcare clients, the costs of cyber claims were lower last year than 2017 in each category. Barnett attributes those 2017 claims numbers to several significant breaches that affected hundreds of thousands of patients, thereby increasing costs for areas such as notification, call centers and credit monitoring
“In 2018, while the number of breaches increased, the universe of affected individuals decreased 34%,” Barnett says. “Among non-healthcare businesses, the overall number of cyber incidents grew 38%. This sharp uptick also led to significant increases in the costs of responding to the incidents, in every category, with the greatest increase in notification and forensics costs.”