A fifth of US and European businesses have warned that a serious cyber-attack nearly left them bankrupt, with most (87%) viewing compromise as a bigger threat than an economic downturn, according to Hiscox.
Hiscox, a global insurance company, detailed growing fears among the 5,000 businesses in eight countries surveyed for its annual Cyber Readiness Report. Average cybersecurity spending was up 60% across the year to US$5.3mn, an increase of 250% since 2019, the report said.
The frequency of cyber attacks increased by 12% year-on-year – with 48% of businesses saying they suffered a cyber attack in the past 12 months, compared to 43% in the prior year. It is no surprise then that over 87% of businesses across the world see cyber as the number one threat to their financial health, and view it as more of a threat than an economic downturn and skill shortages. More than half of cyber attack victims (55%) see cyber as an area of high risk; whereas amongst companies which have not yet suffered an attack, the figure is just 36%.
The cost of cyber attacks is having huge effects on businesses worldwide
Asked how they had responded to cyber attacks, around two out of five experts said they had put additional cyber security and audit requirements in place (41%), stepped-up employee training (39%) and improved preparations for cyber attack (39%). The figures are generally higher for large firms.
The small-firm experts lead when it comes to the first of those moves: more than half say they have implemented additional cyber security requirements post-attack. Similarly, more of them have engaged with an incident response provider – though that may reflect the fact that their bigger brethren already have outside help in place or do not need more.
Gareth Wharton, Hiscox Cyber CEO, commented: “Business owners will have spent years growing and investing in their business, but one cyber attack could reduce what they have built to financial rubble. The threat of insolvency for many is very real given the increasing costs of an attack – the median cost of an attack has risen sharply by nearly a third to just under US$17,000, and for some of the worst hit businesses costs topped US$5mn.”
An increasing volume of cyber attacks
Adoption of cyber insurance is highest in the financial services industry, where 74% of companies have cover either through a standalone policy or as part of a wider insurance policy.
The report found that cyber criminals are using speed and sophisticated means to identify vulnerabilities in businesses’ networks, which is driving a 29% increase in the median cost of attacks per company to just under US$17,000. More than three out of five respondents (62%) agree that their business was more vulnerable to an attack as a result of employees working from home. This rose to 69% in companies who employed more than 250 people.
“Remote working is not going away, and has impacted the volume of cyber attacks as cyber criminals gain access via cloud servers, so it is vital that businesses take the necessary steps to protect themselves against the complexity and speed of cyber attacks. In particular, the success cyber criminals continue to have in breaching systems via the use of phishing emails means one of the most effective defences a business can have is continuing to raise staff awareness of the risks,” added Wharton.