Cyber attacks on businesses around the globe are on the rise, as well as the losses they inflict.
Approximately 61 percent of firms dealt with a cyber attack over the last year, compared to 45 percent in 2018, according to Hiscox’s Cyber Readiness Report for 2019.
Cyber incidents produced a median loss cost of $369,000 versus $229,000 the year before, Hiscox found.
“The message that cyber risk is a real threat to businesses of all sizes is sinking in. Companies are increasingly aware of the risks and pouring more resources into cyber protection, and yet, there is still a tremendous gap between awareness of the issue and actually having an effective defense,” Meghan Hannes, cyber product head for Hiscox in the U.S., said in prepared remarks.
Data in the annual report comes from a survey of nearly 5,400 professionals from multiple countries—the U.S., UK, Germany, Belgium, France, Spain and the Netherlands—who handle their company’s cybersecurity and found that the cost and frequency of attacks are on the rise. More than 1,000 U.S. companies took part in the survey, which looked at respondents’ preparedness to handle cyber attacks and also cyber mitigation strategies and how they were executed.
Among the key findings:
- 72 percent of firms plan to increase spending on cybersecurity in the coming year. However, only 11 percent of respondents cited increased spending on employee training and culture changes as a result of a cybersecurity incident, both of which are crucial components of a company’s defense against cyber risks.
- 53 percent of respondents reported an attack in the past 12 months compared to 38 percent last year. Many companies do not take proper action following an attack, with 45 percent of companies reporting experiencing three or more attacks in the past year. Cyber incidents come with a large price tag. The mean cost of cyber incidents in the U.S. was $119,000.
- Just 11 percent of large and enterprise firms ranked as “cyber experts” compared to 26 percent of large and enterprise firms last year.
- 56 percent of firms experienced cyber-related issues in their supply chain in the past year. However, only 7 percent of respondents cited increased evaluation of the supply chain as a result of a cybersecurity incident occurring in the past 12 months.
“Many believe that increasing cyber-related spending fully protects a business, but it isn’t enough, Hannes said. “Businesses must take a holistic approach, ensuring they can properly maximize their investment with appropriate internal protocols, staffing and employee training, ultimately creating a human firewall as the first line of defense.”
Click here to access the full report.