Hiscox Cyber Readiness Report 2019 assesses & ranks cyber security strategy, execution
London, UK (Apr. 23, 2019) – A sharp increase in the number and cost of cyber attacks is the key finding in a study of more than 5,400 organisations across seven countries, commissioned by insurer Hiscox. More than three out of five firms (61%) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.
The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organizations in the US, UK, Belgium, France, Germany, Spain and the Netherlands. Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10% achieved high enough marks in both areas to qualify as cyber security ‘experts’.
Among the key findings:
- Cyber attacks reach a new intensity: More than three in every five firms (61%) experienced a cyber incident in the past year, up from 45% in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.
- More small and medium-sized firms attacked this year: While larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (defined as those with less than 50 employees) reporting an incident is up from 33% to 47%. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36% to 63%.
- Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61%. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.
- More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10%) achieved ‘expert’ status this year, slightly down from 11% in 2018. Nearly three-quarters (74%) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
- Cyber security spending up by a quarter: The average spend on cyber security is now $1.45 million, up 24% on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67%) plan to increase their cyber security budgets by 5% or more in the year ahead.
“This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyber attacks in the past 12 months,” said Gareth Wharton, Hiscox Cyber CEO. “Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today. The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”
The study also shows:
- Wide disparity in readiness scores: Overall, US, German and Belgian firms score highest on the cyber readiness model, while more than four-fifths of French firms (81%) are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9%.
- Cost figures skewed by large incidents: Among firms that were targeted by hackers, there has been a sharp rise in the cost of the biggest single incident reported in the past year. The mean cost has jumped from $34,000 to a fraction under $200,000.
- Supply chain incidents now commonplace: Nearly two-thirds of firms (65%) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. The majority of firms (54%) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.
- Reasons to be optimistic: The proportion of firms with no defined role for cyber security has halved in the past year – from 32% to 16% – and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47% to 32%). New regulation has also prompted action, with 84% of Continental European firms saying they have made changes following the advent of the General Data Protection Regulation (GDPR). The figure for UK firms is 80%.
- Rising uptake of cyber insurance: More than two out of five firms (41%) say they have taken out cyber cover in the past year (up from 33% in 2018). A further 30% plan to take out cover in the year ahead. More than half of larger firms now have cover but only 27% of small firms.
About the Study
Hiscox commissioned Forrester Consulting to assess organisations’ cyber readiness. In total 5,392 professionals involved in their organisation’s cyber security effort were contacted (1,000-plus each from the UK, US, and Germany, and 500 each from Belgium, France, Spain and the Netherlands). Drawn from a representative sample of organisations by size and sector, these are the men and women on the front line of the business battle against cyber crime. Respondents completed the online survey between 12 October and 7 December 2018.
About The Hiscox Group
Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle. It’s a long-standing strategy which in 2018 saw the business deliver a profit before tax of $137.4 million in a challenging year for insurers.
The Hiscox Group employs over 3,300 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the US, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS.
Our values define our business, with a focus on people, quality, courage and excellence in execution. We pride ourselves on being true to our word and our award-winning claims service is testament to that.
For further information, visit www.hiscox.com.
Source: HiscoxTags: cyber attacks, Cyber Insurance, Hiscox