Cyber readiness has improved, but potential blind spots remain

Businesses are enhancing levels of spending and activity to minimize their vulnerability to cyber incidents and breaches, according to Hiscox.

The annual Hiscox Cyber Readiness Report 2020, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed 5,569 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland who are responsible for their company’s cyber security, between December 24, 2019, and February 3, 2020.

Key findings specific to the more than 1,000 US professionals surveyed include:

A leader in cyber spending: The US shared the top spot for cyber spending, alongside Ireland. US businesses increased their average cybersecurity spending within their IT budgets by 61% to $2.4 million.

More financial damage caused by fewer attacks: A battle has emerged between cyber criminals and businesses. In the US, only 41% of respondents reported that their organization experienced at least one cyber incident or breach compared to 53% last year, though the median cost of all cyber incidents in the US rose from $10,000 last year to $50,000 this year. Therefore, cyber criminals have been doing more damage in fewer, albeit more sophisticated, attacks.

Businesses are taking action: Meanwhile, businesses are building up their defenses. While 39% of US organizations reported they did not take action after a security incident last year, this figure fell dramatically to 3% in this year’s report. Actions taken include regularly evaluating and discussing security and privacy, increasing spending on employee training and cultural change and creating additional security and audit requirements.

Cyber readiness has improved, but potential blind spots remain: The number of ranked cyber experts more than doubled to 24% this year, while cyber novices fell to 58% compared to 73% last year. Despite this positive trend in cyber readiness, 48% of all respondents agreed their organization remains at risk of having a cyber incident.

Reputational impacts have increased: Fifteen percent of respondents that experienced a cyber incident or breach reported bad publicity or impact on their brand or reputation as a result, compared to 3% last year. Businesses also experienced greater difficulty in attracting new customers following an incident or breach, with 17% reporting challenges compared to 3% saying the same the year prior.

US businesses are more likely to pay a ransom: Alongside France, the US led the way with businesses most likely to pay a cyber ransom, with 18% of those US companies who suffered a ransomware infection reporting it had been paid.

Small businesses remain vulnerable to risk: 32% of US small businesses, those with under 250 employees, experienced at least one cyber incident or breach in the past year. Of these, 21% of small businesses purchased or enhanced their cyber insurance policy for protection against threats.

Mitigating the risk: Sixty-four percent of US businesses said they had cyber insurance coverage, while 16% said they were planning to purchase coverage in the next twelve months. Additionally, 54% of respondents with cyber insurance reported they planned to use “employee training” that’s offered by their insurance providers in addition to their cyber policy.

“The financial threat cyber attacks pose to a company’s bottom line is a risk that’s here to stay, and one that grows, learns and adapts to the ever-changing world around us. Businesses are all vulnerable at their weakest moments, and a holistic cyber strategy can help identify those weaknesses before being forced into a real-time stress test,” said Meghan Hannes, Cyber Product Head for Hiscox in the US. “Businesses have been pushed into an unforgiving new world in 2020, and cyber criminals won’t offer any form of relief. COVID-19 has created new, lucrative opportunities for cyber attacks, and businesses must evolve their cyber strategies to remain shielded.”