Over half (53%) of businesses suffered at least one cyber attack over the last 12 months – a five-point increase on the previous year (48%) according to new data from the latest Hiscox Cyber Readiness Report.
The Hiscox Cyber Readiness Report www.hiscoxgroup.com/cyber-readiness – based on the views of over 5,000 organisations of all sizes across eight countries – found that cyber attacks have increased for the fourth consecutive year. Attacks on small businesses with less than ten employees have risen from 23% to 36% over the last three years, as cyber criminals look to leverage vulnerabilities in IT technology. Small businesses of less than 250 employees also report a lack of confidence around cyber, with only three in five (61%) confident that they could handle an attack, compared to 71% of larger businesses. Companies with 1,000 or more employees felt that cyber attacks were more commonplace than ever before, with seven out of ten (70%) experiencing at least one attack – up from 62% a year ago.
For those businesses who suffered an attack, one in five were held to ransom, with those willing to pay falling slightly to 63% compared to 66% the previous year. For large businesses with over 250 employees, 46% paid a ransom to protect customer data, while 42% of smaller businesses with less than 250 employees say they paid to protect confidential company data. Fewer companies paid a ransom with the motive to be operational again. The cost of attacks was marginally more contained, with the median cost on a business falling from $17,000 to just over $16,000. However, the impact of cyber risk cannot be underestimated, with one in five firms (21%) that were attacked saying it was enough to threaten the viability of the business.
Even though companies are dealing with risks like tough market conditions, due to both a challenging economy and in many cases increased competition, cyber is still reported as the top risk to businesses in five of eight countries surveyed. Business email compromise (BEC) was the number one entry point for hackers with one-in-three companies experiencing payment diversion fraud (PDF) because of a cyber attack. In response to the greater number of cyber attacks, companies are fighting back – increasing their cyber security spend by 39% over the last three years to a median of $155,000, with smaller businesses quadrupling their spend over the last two years to a median of $8,100.
Eddie Lamb, Global Director of Cyber Education and Advisory, said: “Cyber is now a standard business risk, with the number of attacks increasing for the fourth year in a row. it is encouraging to see that companies are taking steps in the right direction by investing more in cyber security, but keeping pace with the hackers, who continually innovate tactics like business email compromise to threaten businesses both reputationally and financially, is not easy. That’s why it’s so important that businesses consistently update and manage their defences to stay one step ahead of the cyber criminals, which is something we spend a lot of time supporting our clients with.”
In 2017, Hiscox introduced the CyberClear Academy which has trained almost 36,000 individuals from 7,000 small and medium businesses. The cyber training is offered through various partners and helps Hiscox customers educate their employees – a key defence against cyber crime. In 2021, Hiscox released the Hiscox Maturity Assessment, a free online tool allowing businesses to identify strengths and weaknesses in their security profile and compare their scores to over 16,000 companies www.hiscoxgroup.com/cyber-maturity.