The percentage of businesses targeted by cybercriminals in the past year has increased from 38% to 43%, with more than a quarter of targets (28%) undergoing five or more attacks, according to the Hiscox Cyber Readiness Report 2021.
Those attacks are pushing many companies to the brink: one in six companies attacked (17%) say the financial impact is materially threatening the company's future.
The Hiscox report says insurance inclusion is still patchy. "Self-cyber coverage adoption rose from 26% of businesses to 27% over the year."
These are some of the findings of a survey of 6,042 companies in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland. The Hiscox Cyber Readiness Report 2021, now in its fifth year, surveyed a representative sample of organizations.
On the positive side, the report shows that companies are responding to the cyber challenge: average expenditure per company on cyber security has more than doubled in the past two years.
The report emphasized that there is a wide variety of financial costs associated with cyber attacks, with smaller businesses suffering the greatest losses relative to the size of the business. For micro businesses with fewer than 10 employees, the median cost was $8,000.
However, 5% of the companies surveyed who had experienced cyber attacks suffered costs of $300,000 or more.
"A German business services company has faced breaches costing the equivalent of $474,000 per employee," the report said.
“One of the main points of this report is the worrying array of financial consequences that cyber attacks can have,” said Gareth Wharton, CEO of Hiscox Cyber.
“The risk of inactivity is that the next attack could be enough to sink the company,” he added. “Cyber is a complex problem, but that does not mean that it is uncontrollable. With good risk management and appropriate cyber insurance, companies can contain the impact of an attack and limit the damage.”
The report contains a new cyber readiness model, which measures the strengths of companies in six key cyber security areas across people, process and technology. It is designed to be interactive, allowing companies to monitor and compare their cyber maturity with that of their peers, leverage best practices in each area and develop cyber resilience, Hiscox said.
Scoring respondents against the readiness model indicated that a number of companies lack true cyber resilience, the report said. For example, only one in five (20%) qualified as 'experts', while more than a quarter (27%) were classified as 'novices'.
Other important findings from the report are:
- Ransomware is now commonplace. About one in six companies (16%) was targeted by ransomware, and more than half (58%) paid the ransom. In the US, the share that paid the ransom was 71%. The cost of recovery from a ransomware attack was typically nearly the same as the ransom paid (an average of 45% of the total cost). Phishing emails were the main gateway for the ransomware extortionists, with smaller companies more at risk. About 74% of companies with fewer than 10 employees targeted by ransomware blamed phishing as the point of entry, compared to 65% of the largest companies surveyed.
- Cybersecurity spending doubles. The average business now spends more than a fifth (21%) of its IT budget on cyber security, a 63% increase in a year. Average per-company cyber spend has more than doubled in two years, from $1.45 million to $3.25 million. German companies are the largest spenders, with an average of $5.5 million. Belgian companies spend the least ($1.9 million on average).
- Three core sectors targeted. These were technology, media and telecom (56%), financial services (55%) and energy (54%). The percentage of companies targeted in each of these sectors had increased from 44%, 44% and 40% respectively in 2020.
- Insurance inclusion is still patchy. Self-cyber coverage adoption rose from 26% of businesses to 27% over the year. Take-up was highest among large companies and those ranked as 'experts'. Small businesses remain resistant to insurance: nearly half (44%) of businesses with fewer than 10 employees say they do not intend to purchase insurance.
- More big firms in the firing line. As previous studies have shown, the likelihood of becoming a target greatly increases with the size of the business. This year there was a much steeper curve, from 23% for the smallest to 61% for large companies (companies with more than 1,000 employees). This is similar to last year's report, when the equivalent figures were 31% for the smallest and 51% for large companies.
- German companies hit hardest. German companies accounted for more than a third of the $48 million in total losses across the entire study group. They also topped the table for the average cost of all attacks ($23,700) and the largest single attack ($5.1 million).
- Experts did better. Companies that qualified as 'experts' in Hiscox's cyber readiness model had fewer ransomware attacks, fewer ransom payments, and faster recovery. The US had the highest percentage of cyber experts (25%) and one of the lowest median costs of attacks. The UK is in second place, with 23% of companies as experts. British companies were the least likely to have had a cyber attack (only 36%) and were likely to have successfully defended against it.
About the study
The fifth annual Hiscox Cyber Readiness Report has been prepared in collaboration with Forrester Consulting. It is based on a survey of executives, department heads, IT managers and other key professionals. A total of 6,042 professionals involved in their organization's cybersecurity efforts were contacted (more than 1,000 each from the UK, US, France and Germany, more than 500 each from Belgium, Spain and the Netherlands, and 300 from Ireland). Respondents completed the online survey between November 5, 2020 and January 8, 2021.