A sharp increase in the number and cost of cyber-attacks is the key finding in a study of 5,400 organisations across seven countries, commissioned by insurer Hiscox.
More than three out of five firms (61%) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.
The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands.
Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10% achieved high enough marks in both areas to qualify as cyber security ‘experts’.
Among the key findings are:
Cyber-attacks reach a new intensity – More than three in every five firms (61%) experienced a cyber incident in the past year, up from 45% in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.
Cyber losses soar – Among firms reporting attacks, average losses associated with all cyber incidents have risen from £180,000 last year to £291,000 – an increase of 61%. For large firms with between 250 and 999 employees cyber-related losses now top £551,000 on average compared with £128,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of £38 million.
More firms fail cyber readiness test – Using a quantitative model to assess firms for their cyber readiness, only one in ten (10%) achieved ‘expert’ status this year, slightly down from 11% in 2018. Nearly three-quarters (74%) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
Gareth Wharton, Hiscox Cyber CEO, commented: ‘This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyber attacks in the past 12 months. Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today.
“The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”