An international study carried out by Hiscox shows no improvement in corporate defences despite soaring cyber losses, and an increasing number of attacks. Some 61% of public and private sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands have suffered one or more cyber attacks in the past year (up from 45% in the previous year).
Large firms suffered losses of £551,000 compared with £128,000 a year ago, according to the study of 5,400 firms, only 10% of which achieved ‘expert’ cyber readiness status with 74% considered as unprepared.
CEO of the cyber division at Hiscox, Gareth Wharton said that for the first time in the report’s three year history, a significant majority of firms report one or more cyber attacks in the past 12 months. “Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today. The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”
Cyber risk readiness: Key report findings (Source: Hiscox Cyber Readiness report)
• Cyber attacks reach a new intensity: More than three in every five firms (61%) experienced a cyber incident in the past year, up from 45% in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.
• Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from £180,000 last year to £291,000 – an increase of 61%. For large firms with between 250 and 999 employees cyber related losses now top £551,000 on average compared with £128,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of £38m.
• More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10%) achieved ‘expert’ status this year, slightly down from 11% in 2018. Nearly three-quarters (74%) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
• Wide disparity in readiness scores: Overall, US, German and Belgian firms score highest on the cyber readiness model, while more than four-fifths of French firms (81%) are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9%.
• Supply chain incidents now commonplace: Nearly two-thirds of firms (65%) have experienced cyber related issues in their supply chain in the past year. Worst affected are technology, media and telecoms and transport firms. The majority of firms (54%) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.
• Rising uptake of cyber insurance: More than two out of five firms (41%) say they have taken out cyber cover in the past year (up from 33% in 2018). A further 30% plan to take out cover in the year ahead. More than half of larger firms now have cover but only 27% of small firms.
• Reasons to be optimistic: The proportion of firms with no defined role for cyber security has halved in the past year – from 32% to 16% – and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47% to 32%). New regulation has also prompted action, with 84% of Continental European firms saying they have made changes following the advent of GDPR. The figure for UK firms is 80%.
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.
YOU MIGHT ALSO LIKE