A new report from insurer Hiscox has revealed that while the numbers for cyberattack cost and frequency continue to rise, knowledge and concern is increasing with it.
The report, which analysed 5,400 firms across seven countries, argued cyber threat has “become the unavoidable cost of doing business today.”
Looking at the top figures make for pessimistic reading. The number of companies achieving ‘expert’ scores for their cyber strategy and execution has gone down on last year, from 11% to 10%. Almost two in three (65%) companies said they had experienced cyber-related issues in their supply chain over the past year, with more than three in five (61%) reporting an attack in general. The mean figure for losses associated with all cyber incidents has risen by $140,000 on average, with medium and large-sized firms bearing the brunt of the cost.
Yet there are reasons for optimism and drivers of change. The report found the average spend of cyber is now $1.45 million, with the total amount spent by the 5,400 firms analysed rounding off at $7.9 billion. Two in three respondents said they planned to increase their cyber spending by 5% or more in the coming year.
Besides, the report notes loss figures going up are predominantly down to the main bounties becoming significantly larger. The mean cost of a cyber incident has gone from $34,000 per year to just under $200,000 – a number which needs to be doubled when looking specifically at larger firms.
Exploring the data by country provided a few interesting insights. The UK has the lowest cyber security budgets on average, while the US has the lowest mean cost of incidents and the businesses most likely to increase their security spending. France had the fewest number of businesses qualified as experts (6%), while Germany had the highest individual declaration, with a cost for all incidents of $48 million.
As more companies migrate to the cloud – and more complex workloads with it – Hiscox argues it brings more risk. 22% of those polled reported problems and outages with third-party cloud providers, up from 13% this time last year. When looking at the supply chain, almost half (47%) of all Spanish respondents said they assessed their relationships with suppliers once a month – up significantly from the 32% overall who did it. 8% of those polled said they had increased their evaluation of the supply chain as the result of an incident in the past year.
Ultimately, the mindset of ‘when not if’ needs to be applied when possible, and frequent, prudent testing needs to be part of an overall more hygienic security posture. Hiscox is aiming to do its bit on this front, launching an online training platform last year, and unveiling a free ‘cyber exposure calculator’ last month.
“The cyber risk may mutate rapidly, but progress in mitigating it and managing it is also evolving,” said Gareth Wharton, Hiscox cyber CEO.
You can read the full report here (pdf).
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.