IT disaster recovery, cloud computing and information security news

Cyber attacks ‘reach a new intensity’ while security fails to keep up

A sharp increase in the number and cost of cyber attacks is the key finding in a study of more than 5,400 organizations across seven countries, commissioned by insurer Hiscox. More than three out of five firms (61 percent) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.

The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organizations in the US, UK, Belgium, France, Germany, Spain and the Netherlands. Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10 percent achieved high enough marks in both areas to qualify as cyber security ‘experts’.

Key findings from the survey include:

Cyber attacks reach a new intensity: more than three in every five firms (61 percent) experienced a cyber incident in the past year, up from 45 percent in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted. 

More small and medium-sized firms were attacked this year: while larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (defined as those with less than 50 employees) reporting an incident is up from 33 percent to 47 percent. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36 percent to 63 percent.

Cyber losses soar: among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61 percent. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.

Many firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10 percent) achieved ‘expert’ status this year, slightly down from 11 percent in 2018. Nearly three-quarters (74 percent) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.

Cyber security spending up by a quarter: The average spend on cyber security is now $1.45 million, up 24 percent on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67 percent) plan to increase their cyber security budgets by 5 percent or more in the year ahead.

Supply chain incidents now commonplace: nearly two-thirds of firms (65 percent) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. The majority of firms (54 percent) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.

Reasons to be optimistic: the proportion of firms with no defined role for cyber security has halved in the past year – from 32 percent to 16 percent - and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47 percent to 32 percent). New regulation has also prompted action, with 84 percent of Continental European firms saying they have made changes following the advent of the General Data Protection Regulation (GDPR). The figure for UK firms is 80 percent.

Rising uptake of cyber insurance: more than two out of five firms (41 percent) say they have taken out cyber cover in the past year (up from 33 percent in 2018). A further 30 percent plan to take out cover in the year ahead. More than half of larger firms now have cover but only 27 percent of small firms.

About the study

Hiscox commissioned Forrester Consulting to assess organizations’ cyber readiness. In total 5,392 professionals involved in their organization’s cyber security effort were contacted (1,000-plus each from the UK, US, and Germany, and 500 each from Belgium, France, Spain and the Netherlands). Respondents completed the online survey between 12th October and 7th December 2018.

More details.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.