Average Cost Of A Cyber Attack Increases By 80%

In seven out of eight countries, cyber attacks are now seen as the biggest risk to business, more than  COVID-19, economic turmoil, skills shortages, and other issues. Indeed, cyber threats are viewed as the dominant risk with the median cost of a cyber attack on a US-based business costing $18,000, up from $10,000 the previous year. 

The leading specialist insurance company Hiscox commissioned Forrester Consulting to survey more than 5,000 security professionals in the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland for its Cyber Readiness Report 2022. 

Cyberattacks were the biggest concern of the 900 firms surveyed in the U.S. at 46%, outpacing the pandemic (43%) or skills shortage (38%).

Almost half of businesses in the U.S. (47%) suffered a cyberattack in the last 12 months, an increase of 7% from the previous year, while the most common entry point for all surveyed countries was a corporate server in the cloud (41%), followed closely by business email (40%).

While the cyber criminals have long targeted high-value companies, it is clear they are now moving down the food chain. International agencies have recently warned that more mid- and small-sized businesses are being targeted and this is borne out in this year’s report by Hiscox.

Despite leading the other seven countries in cyber maturity, scoring 3.05 compared with an average of 2.94, 84% of companies based in the U.S. that experienced a ransomware attack paid to recover data. The number of U.S. firms with standalone cyber insurance remained steady at 34%. “Despite 61% of survey respondents now being back in the office, businesses are still experiencing a hangover from the pandemic,” said Alannah Paul, cyber product head for Hiscox in the U.S.

“Remote working provided a year-long Christmas for cyber criminals, and we can see the results of their cyber-feast in the increased frequency and cost of attacks. As we move into a new era of hybrid working, we all have an increased responsibility to continue learning, and managing our own cybersecurity.” according to Paul.

The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 5,000 professionals responsible for their company’s cyber security.
This includes firms from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland. 

Key findings specific to the more than 900 US professionals surveyed include:

 

  • Cyber attacks are a bigger worry for US businesses than the ‘great reshuffle’: US businesses are more concerned about cyber attacks (46%), than the pandemic (43%), or skills shortages (38%).
  • The number of attacks is rising: the survey results indicate that in the past year, there has been a 7% increase in cyber attacks on US businesses. To date, roughly half of all US businesses (47%) have suffered an attack in the past 12 months.
  • Each attack is costing businesses more: The median cost of an attack as of 2022 is $18,000, up from $10,000 last year. The US has also borne a generally higher cost from cyberattacks, with 40% of those suffering attacks incurring costs of $25,000 or more. The most common point of entry was a corporate server in the cloud.
  • The pandemic has prompted businesses to double their IT spend: Despite remote working nearly halving from 62% of the workforce in 2021, to 39% of the workforce by 2022, total IT spending has risen from $11.5m in 2021, to $24.2m in 2022.
  • The US is a global leader in cyber maturity, but is also most likely to pay a ransom: The US had the highest cyber maturity score of 3.05 compared to the average of 2.94. Nonetheless, US companies were the most likely to pay a ransom to recover data, with 84% of companies that experienced a ransomware attack paying up.
  • More businesses are considering purchasing a standalone cyber insurance policy: The number of US businesses that have a standalone cyber insurance policy remained stable at 34%, in comparison to the number of businesses without a policy or any plan to purchase one, which dropped from 18% in 2021 to 12% in 2022.

The survey was conducted between Nov. 30, 2021, and Jan. 21, 2022. The median cost of a cyberattack for all surveyed countries was just under $17,000, an increase of 30% from the year before.

Hiscox:      Hiscox:      Dark Reading:    Varonis:     SC Magazine

You Might Also Read: 

The Most Expensive Data Breaches:

 

« October Is Cyber Security Awareness Month
Developing Nations Face The Biggest Cyber Security Challenges »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Octopus Cybercrime Community

Octopus Cybercrime Community

The Octopus Community is a platform for information sharing and cooperation on cybercrime and electronic evidence.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Axis Capital

Axis Capital

AXIS Insurance’s Professional Lines Division is a leading underwriter of technology/cyber coverage and other specialty products around the globe.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

Startup Capital Ventures

Startup Capital Ventures

Startup Capital Ventures is an early stage venture capital firm with a focus on FinTech, Cloud/SaaS, Security, Healthcare IT, and IoT.

HackControl

HackControl

HackControl services include penetration tests, security audits, block chain audits and brand and anti-phishing protection.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

OriginalMy

OriginalMy

OriginalMy is a cybersecurity startup, focussed on digital governance and information authentication. Its mission is to prove authenticity using state-of-the-art cryptography and blockchain technology

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

Token Security

Token Security

Token is the new approach designed for the identity boom era. Introducing Machine-First Identity Security.

NetDescribe

NetDescribe

NetDescribe, part of Xantaro Group, advises and supports companies in building secure and stable IT environments.

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.