October is Cybersecurity Awareness Month—a time to spotlight the growing risks in our digital world and the smart strategies that help businesses stay protected. At Holmes Murphy, we believe prevention isn’t just the best practice: it’s a financial imperative. This is why our Cyber Risk Practice is here to empower our clients to understand the costs of cyber threats, and the value of a robust cyber insurance policy, in an ever-evolving environment.
According to IBM’s 2025 Cost of a Data Breach Report, the global average cost of a data breach is now $4.44 million, with U.S.-based breaches averaging a staggering $10.22 million. These costs include:
- Cost of lost business, operational downtime and customer attrition
- Legal fees and regulatory fines
- Breach response and remediation expenses
- Ransom payments and extortion
- Long-term reputational damage
Certain breach types are even more expensive:
- Phishing attacks: $4.8 million
- Malicious insider threats: $4.92 million
- Supply chain breaches: $4.91 million
These numbers aren’t just statistics—they represent real financial strain, operational disruption, and emotional stress for business owners and leadership teams. The ripple effects of a breach can last for years, impacting customer loyalty, investor confidence, and even employee morale.
AI: A Double-Edged Sword
AI is transforming cybersecurity, but it’s also introducing new risks. Breaches involving shadow AI or AI-driven attacks added up to $4.63 million on average. A shocking 1 in 6 breaches involve the use of AI-driven attacks.
AI-powered cyberattacks use artificial intelligence to craft sophisticated and automated threats, including hyper-realistic phishing attacks, deepfakes, adaptive malware, and AI systems that can discover and exploit vulnerabilities at an unprecedented scale and speed. Examples include malicious AI-generated text for phishing, AI-driven social engineering campaigns, malware that changes its code to avoid antivirus, and adversarial attacks designed to fool AI security systems.
As businesses increasingly adopt AI tools for efficiency and innovation, they must also ensure these technologies are secure, compliant, and properly monitored. The intersection of AI and cybersecurity is no longer optional—it’s a strategic priority.
Prevention Pays Off
The good news? Prevention works—and it saves money. Companies that invested in proactive security measures saw significant cost reductions. A few notable examples:
- Multifactor authentication (MFA): When deployed correctly, MFA reduces the risk of compromise by 99.22%.
- Faster detection and containment: A Managed Detection and Response (MDR)/Endpoint Detection and Response (EDR) solution can reduce response time by up to 75%.
- Isolated “air-gapped” backups: Organizations whose backups were compromised during a ransomware attack experienced a median recovery cost of $3 million. This is eight times higher than the $375,000 median cost for organizations that were able to restore from unaffected backups.
These strategies don’t just reduce costs—they build resilience. A strong cybersecurity posture can mean the difference between a minor disruption and a catastrophic event. Good cybersecurity starts with good hygiene; preventative solutions and employee education are paramount to mitigating the high costs of a breach.
Why Cyber Insurance Is a Critical Part of the Equation
While prevention strategies like employee training, endpoint protection, and incident response planning are essential, they don’t eliminate risk entirely. That’s where cyber insurance comes in, serving as a financial safety net as well as providing extensive breach response services and coverage for loss mitigation expenses when the unexpected happens.
Cyber insurance helps businesses:
- Cover the high costs of breach response, including legal counsel, forensic investigations, and public relations support
- Offset losses from business interruption and data restoration, including losses caused by incidents affecting third-party vendors
- Manage regulatory fines and compliance obligations
- Pay for ransom demands (when legally permissible) and costs of negotiating with attackers
- Protect the organization from liabilities arising from claims made by others
In today’s threat landscape, cyber insurance isn’t just a “nice to have”—it’s a strategic asset that complements your cybersecurity posture. It ensures that when prevention falls short, your business has the resources to respond, recover, and rebuild.
Why Holmes Murphy?
Cyber risk is complex, but you don’t have to navigate it alone. At Holmes Murphy, we combine deep insurance expertise with cybersecurity insight to deliver real value. Our Cyber Team includes specialists who understand the nuances of digital threats across industries, from healthcare and finance to manufacturing, education, and construction.
We don’t just assess risk—we help you manage it, reduce it, and insure against it.
Cybersecurity isn’t just an IT issue. It’s a business survival issue. Let’s work together to make your organization more secure, insurable, and resilient. Contact Holmes Murphy today and meet our Cyber Risk Practice. We’re here to help you protect what matters most.