A surge in business e-mail compromises has placed a growing financial burden on small and medium-sized enterprises, according to a new report by NetDiligence, the cyber-risk readiness and response services company.

The US-based organisation’s 14th annual Cyber Claims Study has presented data from more than 10,000 cyber insurance claims spanning 2019 to 2023.

The company said: “Remarkably, when NetDiligence first published this study in 2010, it analysed fewer than 100 claims. The study’s rapid growth is a testament to the contributions of leading insurers and the critical insights it provides to the cyber insurance industry and beyond.”

The claims losses analysed within come from organisations across seven revenue groupings and 18 business sectors, covering 25 causes of loss and 13 types of data.

With over 20 different data breakdowns, the report covers key metrics such as crisis management, legal expenses, business interruption, recovery, total incident costs, data exposure, and ransomware impact.

NetDiligence said the report highlights distinct challenges for small to medium-sized enterprises and large companies.

The company said: “One of the standout findings is the growing financial burden on SMEs, particularly due to the surge in business e-mail compromise incidents. The average cost of a BEC claim skyrocketed from $84,000 in 2022 to a staggering $183,000 in 2023.

“The report also underscores the varying impact of cyber-risk across different sectors.

“In SMEs within the professional services sector, average incident costs surged from $199,000 in 2022 to $307,000 in 2023.

“In contrast, Healthcare SMEs saw their average incident costs continue to decline, from $583,000 in 2021 to $173,000 in 2023.”

Mark Greisiger, president of NetDiligence, said: “Healthcare and manufacturing SMEs seem to be benefiting from a modest drop in incident costs.

“However, the financial services sector is facing a sharp rise in incident costs, reminding us that cyber-risks evolve differently across industries.”

Mr Greisiger expressed gratitude for the study’s data contributors, saying: “We extend our sincere thanks to our cyber insurance partners, whose continued participation enables us to provide these invaluable insights to the cyber-risk and insurance community.”

The findings from the study will be presented at the NetDiligence Cyber Risk Summit in Philadelphia on October 1.

Two webinars next month will dive deeper into the report’s findings and the state of the cyber insurance market, NetDiligence said.