As losses mount, firms continue inaction on cyber defence

Corporations are still not taking cyber defences seriously, despite cyber attacks continuing to inflict significant damage on companies around the world. In fact, in a study of 5,400 organisations across seven countries, insurer Hiscox found that the number of firms achieving top scores for their cyber security readiness is marginally down year-on-year.

The report into cyber security readiness found that only 10% of firms achieved ‘expert’ status this year, which is a slight drop from the 11% who received the same distinction in 2018. That’s despite the report also finding that 61% of organisations had experienced a cyber incident in the past year, a sharp increase on the 45% of firms reporting incidents in 2018. 

Gareth Wharton, Hiscox Cyber CEO, commented, “This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyber attacks in the past 12 months. Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today.”

Unfortunately, the report makes for further grim reading when it comes to losses inflicted on the firms experiencing cyber attacks. Average losses associated with all cyber incidents have risen from £180,000 last year to £291,000 – an increase of 61%. For large firms with between 250 and 999 employees, cyber-related losses now top £551,000 on average, compared with £128,000 a year ago.

Thankfully, there is some good news in the report’s findings. Firms are now actively putting a structure in place to tackle cyber security issues. The number of firms reporting no defined role for cyber security has dropped from 32% in 2018 to 16% today, while there has also been a marked fall in the number of respondents saying they changed nothing following a cyber incident (47% to 32%).

Additionally, firms are increasingly turning to insurers to help protect against losses from a cyber attack. 41% say they have taken out cyber cover in the past year (up from 33% in 2018). A further 30% plan to take out cover in the year ahead. More than half of larger firms now have cover, compared with only 27% of small firms.

Wharton concluded, “The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”

Further findings

Other key findings of the report include: 

  • Overall, US, German and Belgian firms score highest on the cyber readiness model, while 81% of French companies are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9%.
  • 65% of firms have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. The majority of firms (54%) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.
  • 74% of firms ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
  • The frequency of attacks increased. 
  • Belgian firms were the most heavily targeted.
  • German firms suffered the most, with one reporting a cost for all incidents of £38 million.