London, UK (19 April, 2021) – The proportion of businesses targeted by cyber criminals in the past year increased from 38% to 43%, according to the Hiscox Cyber Readiness report 2021, with over a quarter of those targeted (28%) experiencing five attacks or more. Those attacks are pushing many firms to the brink, with one in six businesses attacked (17%) saying the financial impact materially threatened the company’s future.
These are among the findings of a study of 6,042 companies across eight countries, commissioned by specialist insurer Hiscox. Encouragingly, the report shows firms are responding to the cyber challenge: mean spending per business on cyber security has more than doubled in the last two years.
Now in its fifth year, the Hiscox Cyber Readiness Report surveyed a representative sample of organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland.
The centrepiece of the report is a new cyber readiness model that gauges firms’ strengths in six key cyber security areas across people, process and technology. It is designed to be interactive, allowing businesses to check and compare their cyber maturity with their peers, draw on best practice in each area, and develop cyber resilience.
Scoring survey respondents against the readiness model highlighted the number of firms lacking true cyber resilience. One in five (20%) qualified as an ‘expert’, more than a quarter (27%) were classed as novices.
Among the key findings:
- Range of financial outcomes: This year’s report is notable for the range and unpredictability of cyber attack costs. For micro firms with under ten employees the median cost was $8,000. But 5% of those attacked suffered costs of $300,000 or more. There was a similarly broad range of outcomes for medium, large and enterprise firms.
- Ransomware now commonplace: Around one in every six firms attacked (16%) was targeted with ransomware and more than half (58%) paid up. In the US, the proportion paying a ransom was 71%. The costs of recovery from a ransomware attack were typically almost as high as any ransom paid (making up an average 45% of overall cost). Phishing emails were the main way in for the extortionists, with small companies particularly likely to succumb.
- Experts fared better: Firms that qualified as experts in Hiscox’s cyber readiness model suffered fewer ransomware attacks, were less likely to pay up and recovered more quickly. The US had the highest proportion of cyber experts (25%) and one of the lowest median costs of attacks. The UK ranked second, with 23% of firms ranked as experts. UK firms were least likely to have had a cyber attack (just 36%) and most likely to have defended it successfully.
- Jump in cyber security spending: The average firm now devotes more than a fifth (21%) of its IT budget to cyber security- an increase of 63% in a year. Mean spending per firm on cyber has more than doubled in two years – from $1.45 million to $3.25 million. German firms are the biggest spenders at an average of $5.5 million. Belgian firms spend the least ($1.9 million on average).
Gareth Wharton, Hiscox Cyber CEO, commented: “One of the big takeaways of this report is the worrying range of financial impacts that cyber attacks can have. The risk of inaction is that the next attack could be enough to sink the business. Cyber is a complex problem but that does not mean it is unmanageable. With good risk management and appropriate cyber insurance, firms can contain the impact of an attack and limit the damage.”
The study also shows:
- Gulf in perception on Covid-19 dangers: Less than half (47%) of firms said they had become more vulnerable to cyber attack since the onset of the pandemic, though two-thirds of large and enterprise firms (67% and 68% respectively) said they had reinforced their cyber defences to deal with home-working. But small firms are lagging - only 35% of those with under ten employees said they had done the same.
- German firms hardest hit – German businesses accounted for more than a third of total losses across the entire study group at $48 million. They also topped the table for the median cost of all attacks ($23,700) and the largest single attack ($5.1 million).
- Three key sectors targeted – These were technology, media and telecoms (56%), financial services (55%) and energy (54%). The percentage of firms targeted in each of these sectors was typically up from 44%, 44%, and 40% respectively in 2020.
- Insurance take-up still patchy: Adoption of standalone cyber cover crept up from 26% of firms to 27% over the year. Take-up was highest among large companies and those ranked as ‘experts’. Small firms remain resistant to insurance: nearly half (44%) of those with under ten employees said they had no intention of buying insurance cover. This is worrying given the evidence elsewhere in the report that small firms are vulnerable to phishing attacks and credential theft.
Notes to editors
A full copy of The Hiscox Cyber Readiness Report 2021, as well as the Hiscox Cyber Maturity Model can be accessed at
www.hiscoxgroup.com/cyber-readiness from 19 April 2021.
About the study
The fifth annual Hiscox Cyber Readiness Report was compiled in collaboration with Forrester Consulting. It is based on a survey of executives, departmental heads, IT managers and other key professionals. In total 6,042 professionals involved in their organisation’s cyber security effort were contacted (1,000-plus each from the UK, US, France and Germany, more than 500 each from Belgium, Spain, and the Netherlands and 300 from Ireland). Drawn from a representative sample of organisations by size and sector, these are the people on the front line of the business battle against cyber crime. Respondents completed the online survey between 5 November 2020 and 8 January 2021.
About the Hiscox Group
Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle.
The Hiscox Group employs over 3,000 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the USA, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS.
Our values define our business, with a focus on people, courage, ownership and integrity. We pride ourselves on being true to our word and our award-winning claims service is testament to that.
For more information, visit www.hiscoxgroup.com.
All press releases