Fewer businesses report cyberattacks but costs soar, finds Hiscox survey
The cost of cyberattacks to businesses has spiked almost six-fold to an average $57,000 per event in the past year, according to a new global study from Hiscox. Total cyber losses reported by almost 5,600 companies polled rose to $1.8bn from $1.2bn.
But the proportion of surveyed businesses targeted by cyberattacks also fell significantly from 61% to 39%. Some 51% of firms with more than 1,000 employees reported at least one cyber incident, far higher than the average across all business sizes.
A UK financial services firm reported the highest cyber loss last year, totalling $87.9m. Financial services was one of the most heavily targeted sectors, alongside manufacturing and technology, media and telecoms, the survey found.
At the same time, Hiscox said firms’ spending on cybersecurity was up by 39% to an average $2m during the past 12 months.
French firms spent the most on cybersecurity at an average of $3.1m, followed by Spanish firms at $2.6m and US firms at $2.4m. The UK, which Hiscox described as a laggard in previous years, saw firms increase their average spending from just under $900,000 to $1.5m.
The numbers of firms achieving ‘expert’ security status rose from 10% to 18%. The survey found businesses ranked as experts in its model spent more than double the average on cybersecurity at $4.2m.
US and Irish firms reported stronger levels of expert status at 24%, while French companies reported the biggest improvement, from 6% to 18%.
Hiscox said its Cyber Readiness Report, now in its fourth year, assesses the cybersecurity strategy and execution of firms in the US, the UK, Belgium, France, Germany, Spain, the Netherlands and Ireland, where companies reported the highest median cyber losses of $103,000.
The survey also found that more than 6% of respondents paid a ransom to resolve a malware attack. Gareth Wharton, CEO of Hiscox Cyber, said the number of businesses that paid a ransom is “chilling”. Ransomware hit one company with losses of $50m.
Mr Wharton said: “There is clear evidence of a step change in cyber preparedness, with enhanced levels of activity and spending. Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft – for which most automatically insure.”
Some 26% of firms said they had standalone cyber insurance, while 18% said they planned to buy cover or add it to existing policies. Hiscox said the expert-level businesses were “ahead of the game”, with 45% holding a standalone cyber policy.