Webinar Recap: The True Cost of a Cyber Incident

Thank you to everyone who attended our live webinar: From Breach to Balance Sheet – The True Cost of a Cyber Incident. 

Experts from Proper Sky, BlackPoint, and Techrug weighed in on the connection between IT, security, and insurance—so you can protect not just your systems, but your balance sheet.

Did you miss the webinar? Get a link to the recording here and check out insights from the Q&A session below!

During this session we discussed:

• The financial impact of cybersecurity incidents across various sectors, highlighting average costs, sector-specific risks, and the prevalence of attacks on small and medium-sized enterprises using aggregated insurance claim data.
• The less visible consequences of cyber incidents, including hardware recovery, regulatory fines, legal fees, reputational damage, customer churn, and emotional distress, with examples from real-world claims.
• A technical analysis of common attack vectors, including VPN and RDP exposures, credential compromise, lateral movement, and the use of remote management tools, illustrating how attackers infiltrate and propagate within networks.
• A real-world case study of a CPA firm breach, emphasizing that most incidents stem from user error rather than technical flaws, and underscored the importance of security awareness training.
• Steps organizations should take after a cyber incident, including immediate notification of insurance carriers, the importance of forensics, and the risks of delayed or improper reporting.
• Essential cybersecurity measures, the importance of comprehensive cyber insurance, and common pitfalls in policy applications, with recommendations for technical controls and policy selection.

We wrapped up the session with an interactive Q&A session with attendees and panelists which we’re sharing with you below:

Question: Is it still best practice to not pay the ransom?

Answer: The panel provided multiple perspectives:

• From an insurance standpoint, paying the ransom is sometimes the faster and cheaper option — though it’s not ideal, some organizations find it more cost-effective than weeks or months of downtime.
• From a security perspective, it’s not best practice to pay. Doing so can lead to double extortion (attackers demanding more money later) and makes your organization a future target.
• From a business perspective, there are rare cases where paying might make sense — for example, to limit reputational damage or recover critical data when no backups exist. However, once you pay, attackers know you’re willing to, which increases future risk.

While there may be exceptional situations where payment feels unavoidable, all three experts agree it’s generally not best practice to pay. Strong backups and preparation are the best way to avoid being forced into that decision.

Question: How long does it take to recover operations after a ransomware attack?

Answer: It varies widely depending on the organization’s preparedness, backup systems, and the scope of the attack. Recovery can take anywhere from a few days to several months. Factors like how much data was affected, the severity of the attack, and readiness to restore systems all influence the timeline.

Question: How is AI impacting cyberattacks, and how can it support prevention?

Answer: AI lowers the barrier to cybercrime by making it easier to learn how to exploit systems and craft attacks, including phishing and social engineering. On the flip side, AI also aids prevention by helping defenders identify malicious activity, distinguish true threats from noise, and automate detection. Advanced AI in endpoint detection and behavioral analytics improves threat identification, while defenders can use AI to better understand attack patterns and strengthen security measures.

Question: Is it common for bad actors to take over business e-mail accounts?

Answer: Yes. Business e-mail accounts are frequent targets because they’re often used for credential recovery and spreading malware. Once compromised, they can lead to larger breaches. Using secure cloud storage platforms like Dropbox or OneDrive—with built-in ransomware recovery—helps improve data protection and recovery compared to on-premises systems.

Question: If we implement all of these security features, will it reduce our insurance premium?

Answer: A couple of years ago the answer would have been yes. But as the industry has evolved, robust security is now often a prerequisite for obtaining comprehensive cyber insurance, it does not always result in lower premiums, but is necessary for eligibility. If you follow best practices from your IT provider, you should get a relatively inexpensive, well-rounded cyber liability insurance policy.

Additional Resources:

We compiled our webinar findings using insights from industry-leading resources and reports.

• 2025 Verizon Data Breach Investigation Report
• NetDiligence Cyber Claims Study 2025 Report
• Hiscox Cyber Readiness Report 2025