According to the Hiscox Cyber Readiness report 2021 some 43 per cent of companies report having been targeted with over a quarter experiencing five assaults or more. One in six businesses attacked (17 percent) also reveal how the financial impact has threatened the company’s future.
The findings from a study of 6,042 companies across eight countries, commissioned by specialist insurer Hiscox, also charted the additional cost for firms to protect themselves with spending on cyber security more than doubling in the past two years.
The report, which covered businesses in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland, features a new cyber readiness model that gauges firms’ strengths in six key cyber security areas across people, process and technology.
Designed to be interactive, it allows businesses to check and compare their cyber maturity with their peers, draw on best practice in each area, and develop cyber resilience.
Scoring survey respondents against the readiness model highlighted the number of firms lacking true cyber resilience. While one in five qualified as an ‘expert’, more than a quarter were classed as novices.
The key findings highlighted:
· A range of financial outcomes: These documented the growing range and unpredictability of cyber attacks which cost micro firms with under ten employees around £6,000. But five percent of those attacked suffered costs of over £211,000. There was a similarly broad range of outcomes for medium, large and enterprise firms.
· Ransomware now commonplace: Around one in every six firms attacked was targeted with ransomware and more than half paid up. In the US, the proportion paying a ransom was 71 percent. The costs of recovery from a ransomware attack were typically almost as high as any ransom paid (making up an average 45 per cent of overall cost). Phishing emails were the main way in for the extortionists, with small companies particularly likely to succumb.
· Experts fared better: Firms that qualified as experts in Hiscox’s cyber readiness model suffered fewer ransomware attacks, were less likely to pay up and recovered more quickly. The US had the highest proportion of cyber experts (25 percent) and one of the lowest median costs of attacks. The UK ranked second, with 23 percent of firms ranked as experts. UK firms were least likely to have had a cyber attack (just 36 percent) and most likely to have defended it successfully.
· Jump in cyber security spending: The average firm now devotes more than a fifth (21 percent) of its IT budget to cyber security- an increase of 63 percent in a year. Mean spending per firm on cyber has more than doubled in two years. German firms are the biggest spenders and Belgian ones spending the least.
Gareth Wharton, Hiscox Cyber CEO, warned: “One of the big takeaways of this report is the worrying range of financial impacts that cyber attacks can have. The risk of inaction is that the next attack could be enough to sink the business. Cyber is a complex problem but that does not mean it is unmanageable. With good risk management and appropriate cyber insurance, firms can contain the impact of an attack and limit the damage.”
To check how well your business could withstand a cyber attack, Hiscox is offering all firms:
· a chance to see with its new maturity model, a 40-question survey that compares a business with the 6,000 respondents in its reports, based on geography, industry sector and size – https://www.hiscoxgroup.com/
· a demo version of Hiscox CyberClear Academy – firms can do the demo pathway – https://
· a cyber exposure calculator which helps businesses understand how valuable their data is, how a loss breaks down, and who is likely to target them – https://www.hiscoxgroup.com/
The study also shows:
· Gulf in perception on Covid-19 dangers: Less than half (47%) of firms said they had become more vulnerable to cyber attack since the onset of the pandemic, though two-thirds of large and enterprise firms (67% and 68% respectively) said they had reinforced their cyber defences to deal with home-working. But small firms are lagging – only 35% of those with under ten employees said they had done the same.
· Three key sectors targeted – These were technology, media and telecoms (56%), financial services (55%) and energy (54%). The percentage of firms targeted in each of these sectors was typically up from 44%, 44%, and 40% respectively in 2020.
· Insurance take-up still patchy: Adoption of standalone cyber cover crept up from 26% of firms to 27% over the year. Take-up was highest among large companies and those ranked as ‘experts’. www.hiscoxgroup.com/cyber-