Hackers Don't Only Target Big Business

Uploaded on 2019-05-22 in FREE TO VIEW, BUSINESS-Services-Financial

Barely a week goes by without news of a major cyber incident being reported, and the stakes have never been higher. Data theft has become commonplace; the scale of ransom demands has risen steadily; and cumulatively the environment in which businesses must operate is increasingly cyber hostile.

The cyber threat has now become the unavoidable cost of doing business today and more security and training should be undertaken by organisations of all sizes. 

The new Hiscox Cyber Readiness Report 2019 explains that for the first time, a significant number of the firms surveyed, said they experienced one or more cyber-attacks recently in the last 12 months. Both the cost and frequency of attacks have increased markedly compared with a year ago, and where hackers formerly focused mainly on larger companies, small-and-medium -sized firms are now equally vulnerable.

Regulation is going some way to improving awareness and mandating a baseline of cyber security rigour.

In 2018, we saw the introduction of the EU’s General Data Protection Regulation (GDPR), to which businesses have adapted, and a by-product of this has been an uptick in demand for cyber insurance.

Significant Rise in Cyber-Attacks

The proportion of respondents reporting a cyber incident has risen from 45% last year to 61%, and the figures are higher in every category of breach.

Nearly a quarter of firms (24%) report a virus or worm infestation and 17% a ransomware attack. The number suffering a distributed denial-of-service (DDoS) attack is up from 10% to 15%.

The frequency of attacks has also increased markedly. Among firms that experienced cyber-attacks, the proportion reporting four or more incidents is up from 20% to 30%.

Small Business Attacks Have Increased

An increasing proportion of smaller firms are now caught up in the cyber battle. Small and medium sized firms are much more likely to have suffered multiple attacks this year, and on average the proportion of small and medium firms that have had an attack has increased 59%.

Bigger firms are more likely to have suffered repeat incidents. More than a fifth (21%) experienced five or more attacks in the year compared with an average of 16% for all respondents.

It is possible of course that larger businesses are simply better at spotting data breaches than smaller ones.

However, the implementation of GDPR last year has obliged larger firms, which stand to suffer big penalties for extensive breaches or failure to report an incident in a timely manner, to become more watchful and keener to report when incidents occur.

Cloud Risks

Many more respondents this year report problems with outages from third-party cloud providers (22%, up from 13%). Dutch firms were worst hit, with more than 27% of those that suffered cyber incidents reporting cloud outages, while across the respondent pool large and enterprise firms are more likely to suffer a cloud-related incident at 27% and 22% respectively.

This doubtless reflects the propensity for firms to push more of their data into the cloud as they grow.

Cyber Losses Increase

Businesses worldwide are suffering mounting losses from cyber-crime.

Of the 3,300 firms in our survey that suffered attacks, around 2,250 tracked the costs to their business.

Counting all incidents suffered over a 12-month period, the mean cost to those businesses rose from $229,000 to $369,000, an increase of 61%. Assuming a similar experience among those firms that failed to track or quantify the impact of cyber-attacks, the total cost for all 3,300 targeted firms was around $1.2 billion.

Adjusting for the increase in both the scale of the study group this year and the numbers targeted, that is more than double the cost registered in last year’s Report.

Hiscox:

You Might Also Read:

A Cybersecurity Guide For Small Business:

Cultural Strategies For Data Security (£):

 

« Verizon 2019 Data Breach Report
What's Your Data Strategy? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Backup Technology

Backup Technology

Backup Technology is a world leader in the Online Cloud Backup, Disaster Recovery and Business Continuity market.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

GV (Google Ventures)

GV (Google Ventures)

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

Iowa Cyber Hub

Iowa Cyber Hub

Iowa Cyber Hub is a cybersecurity education partnership between Iowa State University and Des Moines Area Community College.

SecureAge Technology

SecureAge Technology

We’re a rapidly growing cybersecurity company with an 18-year history of ZERO Data breaches. Our security solutions place security and usability on equal footing. Learn more about our technology.

ORS Consulting

ORS Consulting

ORS Consulting is a specialist provider of risk management advisory services supporting asset-intensive industries such as chemicals, energy, power and utilities, defence and maritime.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.