A recent study conducted by cyber insurance platform vendor Corax and global law firm Clyde & Co has found that the overall cost of a data breach event is 36% lower for insureds who use trusted panel vendors to manage incidents, as opposed to those who opt for the open market approach.
The white paper, Cyber Breach Insights: Key Drivers Beyond Cyber Insurance Claims, uses anonymized invoice data from 321 randomly selected US breach events between 2014 and 2015, to provide new insight on frequency, cost and duration of data breach events.
One of the key findings was that panel vendors - trusted third-party advisors selected by insurers, often with fixed rates and contractual obligations - can drive significant breach cost savings. The overall cost of breach events involving panel vendors was $16,000, compared to non-panel’s $25,000. The largest drivers of cost savings for panel versus non-panel events were: credit monitoring ($500 versus $2,000), legal fees ($3,000 versus $6,000) and public relations ($6,000 versus $11,000).
“According to our research, there’s no doubt about the cost benefits associated with using panel vendors,” said report co-author Marcus Breese, head of insurance innovation and strategy at Corax. “Post-breach credit monitoring is one of the best examples. The average cost of credit monitoring for a company who bought credit monitoring codes in the open market was about $2,000, but with a panel vendor that dropped to $500, which is a significant difference. Likewise, legal fees were half the price on average if the insured went to a panel vendor.”
More and more primary carriers are establishing panel relationships with the aim of reducing the costs associated with a data breach. However, setting and running a panel of vendors is actually “quite a challenging thing to do,” according to Breese, who set up a panel of vendors during his previous role as cyber head at Hiscox.
“Setting up a panel of vendors is not a one-off process,” he told Insurance Business. “Panels need to be constantly managed with regards to legal contracts and pricing to ensure they’re being run in the most efficient and effective manner possible, and to ensure the carrier’s getting the maximum benefit from it. It’s a lot more complex than just listing a few company names on a piece of paper.”
One breach related cost that wasn’t impacted significantly by panel or non-panel vendors was forensic costs, which came out at an average of $13,000 for panel and $16,000 for non-panel. This shows that the cost of establishing exactly what has happened in a breach is relatively fixed. It doesn’t vary greatly by the number of records or complexity of the breach.
“I think insurers and brokers can gain a lot of advantage and consumer trust by focusing on and selling more of the services related to cyber insurance,” Breese added. “They should make clients aware of the benefits gained by having access to pre-vetted vendors who can assist at a time of crisis in a really smooth way. Our study provides cost-driven analysis, which is valuable information to consider when looking at premium versus risk in cyber.”