Cyber risk reaches new intensity

An international study carried out by Hiscox shows no improvement in corporate defences despite soaring cyber losses and an increasing number of attacks. Some 61% of public and private sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands have suffered one or more cyber attacks in the past year (up from 45% in the previous year).

Large firms suffered losses of £551,000 compared with £128,000 a year ago, according to the study of 5,400 firms, only 10% of which achieved ‘expert’ cyber readiness status with 74% considered as unprepared.

Gareth Wharton, CEO of the cyber division at Hiscox, said that for the first time in the report’s three-year history, a significant majority of firms report one or more cyber attacks in the past 12 months. “Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today. The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”


Cyber risk readiness: Key report findings (Source: Hiscox Cyber Readiness report)

• Cyber attacks reach a new intensity: More than three in every five firms (61%) experienced a cyber incident in the past year, up from 45% in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.

• Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from £180,000 last year to £291,000 – an increase of 61%. For large firms with between 250 and 999 employees, cyber-related losses now top £551,000 on average compared with £128,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of £38m.

• More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10%) achieved ‘expert’ status this year, slightly down from 11% in 2018. Nearly three-quarters (74%) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.

• Wide disparity in readiness scores: Overall, US, German and Belgian firms score highest on the cyber readiness model, while more than four-fifths of French firms (81%) are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9%.

• Supply chain incidents now commonplace: Nearly two-thirds of firms (65%) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms and transport firms. The majority of firms (54%) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.

• Rising uptake of cyber insurance: More than two out of five firms (41%) say they have taken out cyber cover in the past year (up from 33% in 2018). A further 30% plan to take out cover in the year ahead. More than half of larger firms now have cover but only 27% of small firms.

• Reasons to be optimistic: The proportion of firms with no defined role for cyber security has halved in the past year – from 32% to 16% – and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47% to 32%). New regulation has also prompted action, with 84% of Continental European firms saying they have made changes following the advent of GDPR. The figure for UK firms is 80%.
