Cyber attacks have gotten so bad that just over half of U.S. businesses have reported one over the past year, and a large majority of those targeted spent substantial money to investigate and respond, according to a new study from specialty property insurer Hartford Steam Boiler.

The findings in the study, conducted for Munich Re-owned HSB by Zogby Analytics, underscore the ever-escalating costs many businesses are facing due to cyber breaches that are becoming ubiquitous, as well as the challenges insurers face in addressing those risks for companies of all sizes.

About 61 percent of companies said they purchased or boosted their level of cyber insurance coverage over the last year, according to the HSB/Zogby survey of 403 C-level and other senior executives in the U.S. Of those who bought cover or added more, approximately 56 percent said they snatched up cyber insurance for the first time.

Timothy Zeilman, vice president for HSB (which is among carriers that offer cyber insurance), said that businesses revealed not just that they were facing more cyber attacks and related costs but that they’re getting “more anxious about protecting their data.”

“Data is what drives a business, and the loss or corruption of information can be devastating,” Zeilman said in prepared remarks.

Among the HSB/Zogby findings:

  • 53 percent of U.S. businesses dealt with a cyber attack in the past year.
  • Of the businesses that faced a cyber attack, 72 percent spent more than $5,000 to investigate each breach, restore or replace software and hardware, and deal with other related issues.
  • 38 percent of the hacked businesses spent more than $50,000 to respond, and 10 percent forked over between $10,000 and $250,000. About 7 percent of attacked businesses in the survey said they spent more than $250,000 to respond to a cyber attack.
  • Seven out of 10 executives said they were worried they’d see their data destroyed if a cyber attack struck.
  • When a cyber attack actually hit, 60 percent said they lost data. Another 55 percent reported post-cyber attack problems with business interruption.
  • The most common cyber attack involved malware, for 53 percent of respondents. Viruses were second, at 51 percent. But denial of service attacks, ransomware and cyber extortion also hit a sizable minority of respondents.

The survey involved businesses and institutions that generated revenue under $5 million all the way to more than $200 million. HSB/Zogby reported a margin of error of plus or minus 5 percentage points. CEOs, chief information officers, chief technology officers, chief financial officers, chief operating officers and other senior executives participated.

Source: Hartford Steam Boiler/Zogby Analytics