Reported costs of cyberattacks are ‘tip of the iceberg’ – QBE

A $40K loss could end up as $800K in unknown costs, says expert

Reported costs of cyberattacks are ‘tip of the iceberg’ – QBE


By Bethan Moorcraft

The mass media only reports the tip of the iceberg when it comes to cyberattacks. The real cost of a cyber claim remains drastically underreported, according to Scott Pidduck, senior underwriter at QBE Insurance Group.

If a small to mid-sized company is exposed to a ransomware attack and is asked to cough up an extortion rate of $30,000, most companies would consider that a soft event. A $30,000 hit wouldn’t have a significant impact on the balance sheet of many well-established companies.

“What they don’t see are the hidden costs of a cyberattack, such as the forensic investigation, payment of lawyers to go through notification provisions, communication of the attack, the reputational harm and so forth,” Pidduck told Insurance Business.

Celebrate excellence in insurance. Join us for the Insurance Business Awards in Chicago.

“A $40,000 loss in the mainstream press could actually include $800,000 in unknown costs. Not many people are seeing that quantification directly, and it’s not until they get close to their insurers and their brokers that they’re starting to understand what they’re missing in the media.”

One of the main stumbling blocks to cyber insurance is that lots of companies think they’re immune. On average, a company spends about 8-12% of its IT budget on cyber security. That might sound like a significant amount, but not when you compare it to a hacker’s 100% commitment to the cyberattack cause.

“A company might focus 12% of their attention on cyber security but a hacker is going to spend 100% of its time and effort trying to disrupt that – so who’s going to win? If a cyber criminal really wants to get in, they’re going to get in,” said Pidduck.

“Insurers and brokers need to be proactive and collaborate as much as possible to educate clients about cyber security and the true costs of a cyber event. Brokers can reach out to forensics teams and speak to other people in the cyber security industry in order to better educate their clients.”

Insurance brokers should do their best to educate clients and stay on top of developing cyber risk as the courts become more interested in the market, according to Pidduck.

Cyber insurance is a new age market. It has become mainstream and the courts are starting to take that into account. Cyber insurance should be top of mind for brokers offering corporate solutions, or at least educating clients about cybersecurity. There’s a lot of opportunity in the cyber insurance space,” he said.

Related stories:
Security experts say next major cyberattack could affect the nation’s utilities
Cyber insurance is like “the Wild West”

Keep up with the latest news and events

Join our mailing list, it’s free!