General Insurance Article - Cyber attacks on the rise for businesses

The proportion of businesses targeted by cyber criminals in the past year increased from 38% to 43%, according to the Hiscox Cyber Readiness report 2021, with over a quarter of those targeted (28%) experiencing five attacks or more. Those attacks are pushing many firms to the brink, with one in six businesses attacked (17%) saying the financial impact materially threatened the company’s future.

 These are among the findings of a study of 6,042 companies across eight countries, commissioned by specialist insurer Hiscox. Encouragingly, the report shows firms are responding to the cyber challenge: mean spending per business on cyber security has more than doubled in the last two years.

 Now in its fifth year, the Hiscox Cyber Readiness Report surveyed a representative sample of organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland.

 The centrepiece of the report is a new cyber readiness model that gauges firms’ strengths in six key cyber security areas across people, process and technology. It is designed to be interactive, allowing businesses to check and compare their cyber maturity with their peers, draw on best practice in each area, and develop cyber resilience.

 Scoring survey respondents against the readiness model highlighted the number of firms lacking true cyber resilience. One in five (20%) qualified as an ‘expert’, more than a quarter (27%) were classed as novices.

 Among the key findings:

 Range of financial outcomes: This year’s report is notable for the range and unpredictability of cyber attack costs. For micro firms with under ten employees the median cost was $8,000. But 5% of those attacked suffered costs of $300,000 or more. There was a similarly broad range of outcomes for medium, large and enterprise firms.

 Ransomware now commonplace: Around one in every six firms attacked (16%) was targeted with ransomware and more than half (58%) paid up. In the US, the proportion paying a ransom was 71%. The costs of recovery from a ransomware attack were typically almost as high as any ransom paid (making up an average 45% of overall cost). Phishing emails were the main way in for the extortionists, with small companies particularly likely to succumb.

 Experts fared better: Firms that qualified as experts in Hiscox’s cyber readiness model suffered fewer ransomware attacks, were less likely to pay up and recovered more quickly. The US had the highest proportion of cyber experts (25%) and one of the lowest median costs of attacks. The UK ranked second, with 23% of firms ranked as experts. UK firms were least likely to have had a cyber attack (just 36%) and most likely to have defended it successfully.

 Jump in cyber security spending: The average firm now devotes more than a fifth (21%) of its IT budget to cyber security- an increase of 63% in a year. Mean spending per firm on cyber has more than doubled in two years – from $1.45 million to $3.25 million. German firms are the biggest spenders at an average of $5.5 million. Belgian firms spend the least ($1.9 million on average).

 Gareth Wharton, Hiscox Cyber CEO, commented: “One of the big takeaways of this report is the worrying range of financial impacts that cyber attacks can have. The risk of inaction is that the next attack could be enough to sink the business. Cyber is a complex problem but that does not mean it is unmanageable. With good risk management and appropriate cyber insurance, firms can contain the impact of an attack and limit the damage.”

 The study also shows:

 Gulf in perception on Covid-19 dangers: Less than half (47%) of firms said they had become more vulnerable to cyber attack since the onset of the pandemic, though two-thirds of large and enterprise firms (67% and 68% respectively) said they had reinforced their cyber defences to deal with home-working. But small firms are lagging - only 35% of those with under ten employees said they had done the same.

 German firms hardest hit – German businesses accounted for more than a third of total losses across the entire study group at $48 million. They also topped the table for the median cost of all attacks ($23,700) and the largest single attack ($5.1 million).

 Three key sectors targeted – These were technology, media and telecoms (56%), financial services (55%) and energy (54%). The percentage of firms targeted in each of these sectors was typically up from 44%, 44%, and 40% respectively in 2020.

 Insurance take-up still patchy: Adoption of standalone cyber cover crept up from 26% of firms to 27% over the year. Take-up was highest among large companies and those ranked as ‘experts’. Small firms remain resistant to insurance: nearly half (44%) of those with under ten employees said they had no intention of buying insurance cover. This is worrying given the evidence elsewhere in the report that small firms are vulnerable to phishing attacks and credential theft.

Back to Index

Similar News to this Story

Lockdowns cut thefts by 40 percent
Thefts fell by 40 percent during lockdown while the nation stayed at home and were better able to guard their belongings. Data from insurer Urban Jung
World Insurance Report 2021
Capgemini and Efma’s World Insurance Report 2021, published today, finds that insurers need to rethink their distribution models to offer uninterrupte
Financial scams to be included in the Online Safety Bill
The Secretary of State for Digital, Culture, Media and Sport has made comments confirming that provisions will be made for the prevention of online fr

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS


Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.