Hackers Don't Only Target Big Business

Barely a week goes by without news of a major cyber incident being reported, and the stakes have never been higher. Data theft has become commonplace; the scale of ransom demands has risen steadily; and cumulatively the environment in which businesses must operate is increasingly cyber hostile.

The cyber threat has now become the unavoidable cost of doing business today and more security and training should be undertaken by organisations of all sizes. 

The new Hiscox Cyber Readiness Report 2019 explains that for the first time, a significant number of the firms surveyed, said they experienced one or more cyber-attacks recently in the last 12 months. Both the cost and frequency of attacks have increased markedly compared with a year ago, and where hackers formerly focused mainly on larger companies, small-and-medium -sized firms are now equally vulnerable.

Regulation is going some way to improving awareness and mandating a baseline of cyber security rigour.

In 2018, we saw the introduction of the EU’s General Data Protection Regulation (GDPR), to which businesses have adapted, and a by-product of this has been an uptick in demand for cyber insurance.

Significant Rise in Cyber-Attacks

The proportion of respondents reporting a cyber incident has risen from 45% last year to 61%, and the figures are higher in every category of breach.

Nearly a quarter of firms (24%) report a virus or worm infestation and 17% a ransomware attack. The number suffering a distributed denial-of-service (DDoS) attack is up from 10% to 15%.

The frequency of attacks has also increased markedly. Among firms that experienced cyber-attacks, the proportion reporting four or more incidents is up from 20% to 30%.

Small Business Attacks Have Increased

An increasing proportion of smaller firms are now caught up in the cyber battle. Small and medium sized firms are much more likely to have suffered multiple attacks this year, and on average the proportion of small and medium firms that have had an attack has increased 59%.

Bigger firms are more likely to have suffered repeat incidents. More than a fifth (21%) experienced five or more attacks in the year compared with an average of 16% for all respondents.

It is possible of course that larger businesses are simply better at spotting data breaches than smaller ones.

However, the implementation of GDPR last year has obliged larger firms, which stand to suffer big penalties for extensive breaches or failure to report an incident in a timely manner, to become more watchful and keener to report when incidents occur.

Cloud Risks

Many more respondents this year report problems with outages from third-party cloud providers (22%, up from 13%). Dutch firms were worst hit, with more than 27% of those that suffered cyber incidents reporting cloud outages, while across the respondent pool large and enterprise firms are more likely to suffer a cloud-related incident at 27% and 22% respectively.

This doubtless reflects the propensity for firms to push more of their data into the cloud as they grow.

Cyber Losses Increase

Businesses worldwide are suffering mounting losses from cyber-crime.

Of the 3,300 firms in our survey that suffered attacks, around 2,250 tracked the costs to their business.

Counting all incidents suffered over a 12-month period, the mean cost to those businesses rose from $229,000 to $369,000, an increase of 61%. Assuming a similar experience among those firms that failed to track or quantify the impact of cyber-attacks, the total cost for all 3,300 targeted firms was around $1.2 billion.

Adjusting for the increase in both the scale of the study group this year and the numbers targeted, that is more than double the cost registered in last year’s Report.

Hiscox:

You Might Also Read:

A Cybersecurity Guide For Small Business:

Cultural Strategies For Data Security (£):

 

« Verizon 2019 Data Breach Report
What's Your Data Strategy? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

Secure Soft

Secure Soft

Secure Soft are experts in Computer and Information Security with a presence in Peru, Colombia and Ecuador.

Bureau Veritas

Bureau Veritas

Bureau Veritas are a world leader in Testing, Inspection and Certification. We provide certification and training services in areas including cybersecurity and data protection.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Recast Software

Recast Software

Recast Software exists to simplify the work of IT teams and enable them to create highly secure and compliant environments.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.