A recent study by insurer Hiscox has revealed a six-fold increase in cybersecurity losses among businesses targeted in the past year, increasing from a median $10,000 (£8,051) per firm to $57,000 (£45,892).
The international study, using findings from 5,569 companies across eight countries, shows a $1.2 billion rise in cyber losses to almost $1.8 billion, with the most heavily-targeted sectors being financial services, manufacturing and technology, media and telecoms (TMT).
However, there were also signs that firms are responding to threats with “more rigorous security measures and higher spending”, which increased by 39%. As well as this, although losses increased, the proportion of businesses targeted fell from 61% to 39%.
A representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland were surveyed, with each firm being assessed on its cybersecurity strategy and execution and ranked accordingly.
The results showed a marked improvement in cybersecurity readiness, with the numbers achieving ‘expert’ status nearly doubling – from 10% to 18%.
Despite this increase in security, around one in six of those attacked (6%) paid a ransom following a malware attack. The highest losses reported by any single company targeted with ransomware – and which could include other cyber events – topped $50 million.
Commenting on the data, Hiscox CEO Gareth Wharton said: “While the number of firms reporting a cyber breach is down this year, the cost of criminal activity in this area appears markedly higher.
“The number of businesses that have paid a ransom following a malware infection is chilling. There is, however, one very positive message from this year’s report. There is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending.
“Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft – for which most automatically insure.”
- Comment: Cyber Resilience and 5G Must Evolve Hand-in-hand
- Privacy Rights Groups Welcome Contact-tracing App U-turn
- Commsworld Completes Roll-out of £10m UK-wide Optical Core Network
To combat the threats, the average spend on cybersecurity has risen from $1.47 million to $2.05 million (39%). Approximately twice as many firms are responding to cyber events by taking extra measures to combat the hackers.
Data shows a 25% increase in spending on employee training following an attack compared with just 11% last year. Many more are prioritising key initiatives in the year ahead and nearly three-quarters of respondents (72%) plan to increase their cybersecurity budgets by 5% or more, up from 67% last year.
The Hiscox study shows an increased interest for companies to shift towards increased cybersecurity within their businesses, indicated by recent calls for extra representation for women in cybersecurity.
In early June, the NHS in England launched a cybersecurity framework designed to give more protection to the UK health services and the public sector in light of increased cybersecurity activity during Covid-19.
The ‘Cyber Security Services Framework’ provides access to cybersecurity experts and a range of services such as consultancy, incident response and recovery, risk management, and staffing.
As well as this, in April the National Cyber Security Centre (NCSC) announced its Cyber Aware campaign, designed to inform users on how to protect themselves from cybersecurity threats and offering advice and guidance to help people protect their devices, accounts and passwords from cyber attacks.