AdobeStock_534476114

Webinar Recap: The True Cost of a Cyber Incident

Proper Sky
8 min read

Thank you to everyone who attended our live webinar: From Breach to Balance Sheet – The True Cost of a Cyber Incident

Experts from Proper SkyBlackPoint, and Techrug weighed in on the connection between IT, security, and insurance—so you can protect not just your systems, but your balance sheet.

Did you miss the webinar? Get a link to the recording here and check out insights from the Q&A session below!

average cost of an incident by sector

During this session we discussed:

  • The financial impact of cybersecurity incidents across various sectors, with the average cost per incident reaching $264,000 in 2025—and significantly higher in industries like healthcare ($566,000), manufacturing ($400,000), and financial services ($329,000). We also noted that 98% of claims came from small and medium-sized enterprises (SMEs), emphasizing that cyber attacks are not limited to large organizations.

  • The less visible consequences of cyber incidents, including hardware recovery, regulatory fines, legal fees, reputational damage, customer churn, and emotional distress, supported by real-world insurance claim data showing how quickly recovery costs can escalate.

  • A technical analysis of common attack vectors—from VPN and RDP exposures to credential compromise, lateral movement, and the misuse of remote management tools—illustrating how attackers infiltrate and move within networks.

  • A real-world case study of a 55-employee CPA firm that suffered a ransomware attack during tax season after an employee clicked a malicious link, leading to encryption, business interruption, hardware replacement, and notification costs totaling around $500,000. This example underscored that 90% of claims stem from user mistakes rather than technology failures, reinforcing the importance of ongoing security awareness training.

  • The prevalence of ransomware and other costly attack types, with 27% of SMEs hit by ransomware and 59% experiencing some form of cyber attack in the past year. Ransomware remains the most expensive event type, followed by business email compromise and wire transfer fraud.

  • The critical steps organizations should take after a cyber incident, including immediate notification of insurance carriers, engaging forensics teams, and avoiding delayed or improper reporting, which can jeopardize coverage and recovery. 

  • Essential cybersecurity measures and the importance of comprehensive cyber insurance, highlighting common policy pitfalls and recommendations for technical controls that strengthen both security and insurability.

We wrapped up the session with an interactive Q&A session with attendees and panelists which we’re sharing with you below:

Q&A Recap

Question: Is it still best practice to not pay the ransom?

Answer: The panel provided multiple perspectives:

  • From an insurance standpoint, paying the ransom is sometimes the faster and cheaper option — though it’s not ideal, some organizations find it more cost-effective than weeks or months of downtime.
  • From a security perspective, it’s not best practice to pay. Doing so can lead to double extortion (attackers demanding more money later) and makes your organization a future target.
  • From a business perspective, there are rare cases where paying might make sense — for example, to limit reputational damage or recover critical data when no backups exist. However, once you pay, attackers know you’re willing to, which increases future risk.

While there may be exceptional situations where payment feels unavoidable, all three experts agree it’s generally not best practice to pay. Strong backups and preparation are the best way to avoid being forced into that decision.

Question: How long does it take to recover operations after a ransomware attack?

Answer: It varies widely depending on the organization’s preparedness, backup systems, and the scope of the attack. Recovery can take anywhere from a few days to several months. Factors like how much data was affected, the severity of the attack, and readiness to restore systems all influence the timeline.

Question: How is AI impacting cyberattacks, and how can it support prevention?

Answer: AI lowers the barrier to cybercrime by making it easier to learn how to exploit systems and craft attacks, including phishing and social engineering. On the flip side, AI also aids prevention by helping defenders identify malicious activity, distinguish true threats from noise, and automate detection. Advanced AI in endpoint detection and behavioral analytics improves threat identification, while defenders can use AI to better understand attack patterns and strengthen security measures.

Question: Is it common for bad actors to take over business e-mail accounts?

Answer: Yes. Business e-mail accounts are frequent targets because they’re often used for credential recovery and spreading malware. Once compromised, they can lead to larger breaches. Using secure cloud storage platforms like Dropbox or OneDrive—with built-in ransomware recovery—helps improve data protection and recovery compared to on-premises systems.

Question: If we implement all of these security features, will it reduce our insurance premium?

Answer: A couple of years ago the answer would have been yes. But as the industry has evolved, robust security is now often a prerequisite for obtaining comprehensive cyber insurance, it does not always result in lower premiums, but is necessary for eligibility. If you follow best practices from your IT provider, you should get a relatively inexpensive, well-rounded cyber liability insurance policy.

Additional Resources:

We compiled our webinar findings using insights from industry-leading resources and reports.

 

No BS. Just Proper IT.

Ditch mediocrity and gain more. More time, more results, and more confidence to focus on what matters most.

From Philadelphia with love