Attacks On Business Are Intensifying

A sharp increase in the number and cost of cyber-attacks is the key finding in a study of more than 5,400 organisations across seven countries, commissioned by insurer Hiscox. More than three out of five firms (61%) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.
 
Belgium reported the most attacks, with 71% of businesses reporting an attack and more than 30% being attacked four or more times. However, 16% of Belgium’s larger businesses have very high-level cyber security experts, which puts them in the best position for attaining cyber security.
 
The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands. 
 
Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10% achieved high enough marks in both areas to qualify as cyber security ‘experts’.
 
Among the key findings:
 
• Cyber-attacks reach a new intensity: More than three in every five firms (61%) experienced a cyber incident in the past year, up from 45% in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted. 
 
• More small and medium-sized firms attacked this year: While larger firms are still the most likely to suffer a cyber-attack, the proportion of small firms (defined as those with fewer than 50 employees) reporting an incident is up from 33% to 47%. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36% to 63%.
 
• Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61%. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.
 
• More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10%) achieved ‘expert’ status this year, slightly down from 11% in 2018. Nearly three-quarters (74%) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
 
• Cyber security spending up by a quarter: The average spend on cyber security is now $1.45 million, up 24% on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67%) plan to increase their cyber security budgets by 5% or more in the year ahead.
 
UK businesses, even ones that say they are not really secure against attacks, are reporting a significant increase in cyber breaches, according to Hiscox.
 
Hiscox says that 55% of businesses have been attacked in 2019, which is a 15% increase in one year. But almost three quarters of firms were ranked as "novices" in terms of cyber readiness. Hiscox said a lot of businesses "incorrectly felt that they weren't at risk".
 
It said there had been a "sharp increase" in the number of cyber-attacks this year, with more than 60% of firms having reported one or more attacks - up from 45% in 2018. Average losses from breaches also soared from $229,000 (£176,000) to $369,000, an increase of 61%. Despite this, the insurer said the percentage of firms scoring top marks on cyber security had fallen, with UK organisations doing particularly badly.
 
British firms had the lowest cyber security budgets, it said, spending less than $900,000 on average compared with $1.46m across the group.
 
They were also joint-least likely with US firms to have a "defined role for cyber security" on their staff. In France the proportion was closer to one in ten. Gareth Wharton, head of Cyber at Hiscox, said the low UK spending could be driven by the large number of small businesses in Britain. 
 
"They may feel like they won't be targeted, as we tend to only read about large breaches in the press. If they incorrectly feel that they won't be targeted, they may be less likely to spend on cyber security."
 
Hiscox also found the average cost of an attack in the UK was lower than average at $243,000, compared with $906,000 in Germany and $486,000 in Belgium. New regulation has also prompted action, with eight in ten UK firms saying they had made changes since the introduction of tough new EU data protection rules last year.
 
Sources: BBC, Hiscox
 