BY Richard Summerfield
The number of cyber attacks, and the cost of those attacks, increased markedly in 2018, according to a study commissioned by insurer Hiscox.
The Hiscox Cyber Readiness Report 2019 surveyed nearly 5400 professionals from the US, UK, Germany, Belgium, France, Spain and the Netherlands who are responsible for their company’s cyber security.
According to the report, 61 percent of the firms surveyed experienced one or more cyber attacks in the past year, compared to 45 percent in the previous year. However, the proportion of those firms achieving top scores for their cyber security readiness fell year-on-year. The median cost for losses associated with cyber incidents increased significantly, from $229,000 to $369,000.
The report, now in its third year of publication, noted that while hackers previously focused mainly on larger companies, small- and medium-sized firms are now equally vulnerable. Around 47 percent of small firms – companies with less than 50 employees – reported attacks, up from 33 percent last year. Sixty-three percent of medium-sized businesses, those with 50 to 249 employees, were targeted, up from 36 percent the previous year.
“The cyber threat has become the unavoidable cost of doing business today,” said Gareth Wharton, cyber chief executive at Hiscox. “The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”
“The message that cyber risk is a real threat to businesses of all sizes is sinking in,” said Meghan Hannes, cyber product head for Hiscox in the US. “Companies are increasingly aware of the risks and pouring more resources into cyber protection, and yet, there is still a tremendous gap between awareness of the issue and actually having an effective defence. Many believe that increasing cyber-related spending fully protects a business, but it isn’t enough. Businesses must take a holistic approach, ensuring they can properly maximise their investment with appropriate internal protocols, staffing, and employee training, ultimately creating a human firewall as the first line of defence.”
The average spend on cyber security is now $1.45m, up 24 percent on the previous year, and the pace of spending is accelerating. The total spend by the firms in the survey comes to $7.9bn. Two-thirds of respondents (67 percent of firms) plan to increase their cyber security budgets by 5 percent or more in the year ahead.