According to the latest Hiscox Cyber Readiness Report, more than half (53%) of businesses surveyed experienced at least one cyber attack in the past year. This represents a five-point increase from the previous year’s figure of 48%. The report, based on the responses of over 5,000 organizations across eight countries, also indicates a four-year upward trend in cyber attacks.
Of particular concern is the rise in attacks on small businesses with fewer than ten employees. Over the past three years, the percentage of such businesses falling victim to cyber attacks has increased from 23% to 36%. This can be attributed to cyber criminals exploiting vulnerabilities in small business IT systems. Additionally, the report reveals that small businesses with fewer than 250 employees have a relatively low level of confidence in their ability to handle a cyber attack, with only 61% expressing confidence compared to 71% of larger businesses.
Businesses with 1,000 or more employees reported that cyber attacks have become increasingly common, with 70% experiencing at least one attack, up from 62% the previous year. This highlights the growing threat and the need for larger organizations to strengthen their cybersecurity measures.
In terms of the impact of these attacks, the report states that one in five businesses that were targeted fell victim to ransomware, with 63% of those affected choosing to pay the ransom. This is a slight decrease from the previous year’s figure of 66%. Among larger businesses with more than 250 employees, 46% paid a ransom to protect customer data, while 42% of smaller businesses paid to protect confidential company information. The report also mentions that fewer businesses pay ransoms solely to regain operational functionality.
Despite the containment of costs associated with cyber attacks, with the median cost falling from $17,000 to just over $16,000, the overall impact on businesses cannot be underestimated. The report reveals that 21% of the attacked firms considered the cyber attack severe enough to threaten the viability of their business.
Interestingly, the Hiscox report identifies cyber risk as the top concern for businesses in five out of eight countries surveyed, even surpassing other risks such as tough market conditions due to economic challenges and increased competition. The most common entry point for hackers was found to be business email compromise (BEC), with one-third of companies reporting payment diversion fraud (PDF) due to cyber attacks.
In response to the growing number of cyber attacks, businesses are ramping up their cybersecurity efforts. The report reveals a 39% increase in cybersecurity spending over the past three years, with organizations now spending a median of $155,000. Small businesses, in particular, have quadrupled their cybersecurity spend over the past two years, reaching a median of $8,100.
Eddie Lamb, Global Director of Cyber Education and Advisory at Hiscox, emphasizes the need for businesses to update and manage their defense mechanisms continually. He acknowledges the encouraging trend of increased investment in cybersecurity but highlights the challenge of keeping pace with innovative tactics employed by cyber criminals. Lamb notes that Hiscox provides support and guidance to help clients proactively protect against cyber threats.
To assist businesses in strengthening their cybersecurity measures, Hiscox introduced the CyberClear Academy in 2017. This initiative has trained nearly 36,000 individuals from 7,000 small and medium-sized enterprises. Through partnerships with various organizations, Hiscox customers can educate their employees, which is considered a critical defense against cybercrime. In 2021, Hiscox also launched the Hiscox Maturity Assessment, an online tool enabling businesses to assess their security profile and compare it to over 16,000 companies.
The findings of the Hiscox Cyber Readiness Report highlight the pressing need for businesses, regardless of size, to prioritize cybersecurity and stay vigilant in the face of evolving cyber threats. With the prevalence and severity of attacks on the rise, organizations must invest in robust cybersecurity measures and educate their employees to minimize the potential impact of cyber incidents on their operations and bottom line.