More Frequent, Expensive Cyber Attacks Spur U.S. Spending on IT

A new study from insurer Hiscox shows that cyber attacks on U.S. businesses are more frequent and more expensive than ever before.

The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 5,000 professionals responsible for their company’s cybersecurity from the U.S., UK, Belgium, France, Germany, the Netherlands, Spain and Ireland.

U.S. businesses, specifically, are more concerned about cyber attacks (46 percent), than the pandemic (43 percent) or skills shortages (38 percent) — and rightfully so.

Other key findings among the more than 900 U.S. professionals surveyed include:

• About 47 percent of all U.S. businesses have suffered an attack in the past 12 months.
• The number of U.S. firms reporting a cyber attack has jumped 7 percent in the past year.
• Attacks costing $25,000 or more have also increased from 34 percent to 40 percent.
• The median cost of an attack as of 2022 is $18,000, up from $10,000 last year.
• 84 percent of companies that experienced a ransomware attack paid attackers to resolve the issue.

As a result, more businesses are investing in IT and security as well as considering purchasing a standalone cyber insurance policy.

• About 34 percent of U.S. businesses have a standalone cyber insurance policy, a number that is holding steady.
• The number of businesses without a policy or plan to purchase one dropped from 18 percent in 2021 to 12 percent in 2022.
• The pandemic has prompted businesses to double their overall IT spend from $11.5m in 2021 to $24.2m in 2022.

There is, however, a gaping divide between what large and small organizations around the world are willing or able to spend. While larger companies may perceive themselves as being at greater risk and beef up their security, attackers are more likely to go after smaller, easier targets.

• For enterprise firms of 1,000-plus people, cybersecurity spending is up 65 percent. Firms with 1,000-plus employees are more likely to have recovered their data successfully (68 percent compared with 59 percent on average) and less likely to have had their data leaked (20 percent compared with 29 percent on average).
• Average spending by firms with 250 to 999 people has doubled in the past year. Average number of attacks: up from 45 to 69.
• Firms with between 10 and 49 employees have cut budgets almost in half, from $411,000 to $225,000. Average number of attacks: up from 31 to 56
• Among those with under 10 employees, spending has collapsed—from an average $150,000 to just $29,000. Average number of attacks: up from 11 to 40.
• Mean security spending across all respondents worldwide increased 60 percent in the past year to $5.3 million and is up 250 percent since 2019.

Experience, however, is unfortunately a good teacher when it comes to cybersecurity. Overall, of those surveyed, those who have gone through cyber attacks are the most apprehensive about the damage that could be done to their businesses and brands. More than half of cyber attack victims (55 percent) see cyber as an area of high risk. Only 36 percent of non-victims consider it a high-risk issue. However, 72 percent of companies agree a breach would damage their brand.

To learn more about cybersecurity vulnerabilities and what steps organizations of all sizes are taking to secure their data, check out the full report: Hiscox Cyber Readiness Report 2022