Cybersecurity spending on the rise as attacks surge

Since the start of the pandemic and the rise of people working from home, cybercriminals have had to adapt to their new environment, and are using weaknesses in people’s security to launch more attacks.

The latest data released in the Hiscox Cyber Readiness Report shows 43% of companies report having been targeted with over a quarter experiencing five assaults or more. One in six businesses attacked (17%) also reveal how the financial impact has threatened the company’s future.

The report underlines the scale of the cyber challenge, but it also offers good news. Despite the difficulties presented by the Covid-19 pandemic, firms have intensified their fightback by devoting more resources and focus than ever to cyber resilience. It found organisations are upping their defences against cybercrime, with cybersecurity taking up 21% of the average organisation’s IT budget. This is a large jump from the 13% which was used for the same spend last year.

A wide range of attacks

The proportion of respondents reporting attacks jumped from 38% in 2020 to 43%. The hackers’ favourite targets were the technology, media and telecoms (TMT), financial services and energy sectors. The percentage of firms affected in these sectors was typically up from the low-to-mid-40s in the 2020 study to the mid-50s. 

When asked to name the first point of entry for the hackers, 37% of respondents mentioned their corporate-owned servers. Cloud-based servers came second (mentioned by 31%), followed by company websites (29%) and employee errors such as phishing or spoofing (28%). The previous year, phishing was the clear number one issue, mentioned by 45% of respondents. 

While professional services, construction, and financial services firms were particularly likely to cite the corporate server as the point of entry, businesses dealing with the public, particularly retail/wholesale and energy, were more likely to have suffered a breach via the company website. Company-owned mobile devices, mentioned by just over a quarter of all firms attacked (26%), appear to be areas of particular vulnerability for more mobile industries such as transport/distribution and travel/leisure (mentioned by 32% and 30% respectively).

Around one in every six firms attacked was targeted with ransomware and more than half paid up. In the US, the proportion paying a ransom was 71%. The costs of recovery from a ransomware attack were typically almost as high as any ransom paid (making up an average 45% of overall cost). 

Overall, Spanish companies were most likely to report a cyber attack (53%). Nearly half of all French respondents (49%) reported an attack, up from 34% the previous year. By contrast, only 36% of British firms reported being targeted, the least affected by cyber attacks.