February 9, 2017
Over a third (35 percent) of businesses targeted in a cyber-attack in the past 12 months have taken no extra measures to protect themselves in the future, claims a new report. The study of 3,000 companies in the UK, US and Germany, conducted for Hiscox says that more than half (53 percent) of businesses in the three countries are ill-prepared to deal with cyber-attacks. It also found that more than half (57 percent) of companies surveyed admit they have been the target of at least one cyber-attack in the past 12 months, while one in four (26 percent) companies has been targeted three times or more with the average cost per incident to UK businesses estimated to be £42,779. Although three out of five businesses (62 percent) took less than 24 hours to uncover their biggest cyber incident in the past 12 months, and a quarter (26 percent) did so within an hour of its occurrence, nearly half (46 percent) of businesses took two days or more to get back to business as usual.
Although big firms incur the highest costs in nominal terms, the financial impact of cyber-attacks is disproportionately high for the very smallest companies. Small businesses also appear more complacent than their larger counterparts, with 29 percent saying they changed nothing following a cyber security incident compared to larger firms (20 percent).
The Hiscox Cyber Readiness Report 2017 assessed firms according to their readiness in four key areas – strategy, resourcing, technology and process – and ranked them accordingly. While most companies scored well for technology, fewer than a third (30 percent) qualified as ‘expert’ in their overall cyber readiness.
Steve Langan, Chief Executive, Hiscox Insurance, commented: “With fewer than a third (30 percent) of businesses qualified as ‘expert’, our study reveals a worrying absence of cyber security readiness among business consumers.
“By surveying those directly involved in the business battle against cyber crime, this study provides new perspective on the challenges they face and the steps they are taking to protect themselves. But it also offers a series of practical recommendations for those businesses that still have work to do in tackling cyber risk. We hope it will contribute to a better understanding of what is needed to be fully cyber ready.