We often write about the dangers and risks of cyber-attacks but Hiscox’s annual Cyber Readiness Report puts the facts in figures into perspective and highlights business’ shortcomings when it comes to being prepared for an online onslaught.
The report, which was issued this week for 2019, highlighted that there is a sharp increase in the number of and cost of cyber-attacks. More than three out of five firms (61%) reported one or more attacks in the past year. But, worryingly, it found that the proportion of businesses achieving top scores for their cyber security readiness is marginally down year-on-year.
The international insurer’s report should hardly be ignored as the survey conducted to establish these results is quite far reaching. This time 5,400 organisations across seven countries including the UK, US, Belgium, France, Germany, Spain and the Netherlands were approached.
Each company was assessed on their cyber security strategy and execution and ranked accordingly. Hiscox found that only 10% of those surveyed achieved high enough marks in both areas to qualify as cyber security ‘experts’.
Other key findings included:
- Cyber-attacks are increasing in intensity:As mentioned above 61% of companies said they had experienced a cyber incident in the past year – that’s 45% up from the 2018 report. Hiscox said that Belgian firms were the most heavily targeted.
- More small and medium (SMEs) sized businesses were targeted this year:Many SMEs think that they won’t be targeted as they wrongly believe that cyber criminals won’t be interested in attacking businesses of their size. Hiscox acknowledges that larger firms are most likely to suffer a cyber-attack but point out that the proportion of small firms (with less than 50 employees) has increased from 36% to 63%.
- Cyber losses have increased:Losses as a direct result of cyber-attacks have jumped from $229,000 last year to $369,000 – a hike of 61%. Average losses for large firms now top $700,000 on average compared to $162,000 from a year ago.
- More firms are failing cyber readiness tests:With the increase in attacks you’d think that companies would take cyber security more seriously. But, unfortunately, this is not the case. Hiscox found that only one in ten businesses surveyed got awarded ‘expert’ status this year – this was down by 11% in 2018. The study found that overall the US, German and Belgian firms scored the highest on the cyber readiness model, while the French disappoint with 81% only achieving the novice category.
- Spending on security is on the rise:One encouraging sign appears to be the amount of investment companies are making on cyber security. According to Hiscox, the average spend on cyber-security is now $1.45 million – an increase of 24% on 2018. They add that the pace of spending is accelerating, and the total spend by the 5,400 that were approached to partake in the survey stands at $7.9 billion.
Hiscox did say there was some cause for optimism because the number of firms with no defined role for cyber security has halved in the past year from 32% to 16%. What’s more, there are fewer survey participants that have not sprung to action following a cyber incident.
Regulation is also a major reason for companies to get their act into gear. The survey findings show that 80% of UK businesses were prompted into action to ensure General Data Protection Regulation (GDPR) compliance, while 85% of continental European firms made changes following the introduction of GDPR.
It’s clear from the survey that while companies are spending more on cyber-security they need to do more to be prepared for online attacks. With the average loss topping $700,000 one can’t help but think that such colossal losses could land SMEs in financial hot water.
If you're concerned about your business, contact us to see what we can do to heighten your security levels and how we can ensure that you're compliant with regulation such as GDPR.