In the aftermath of WannaCry and the Equifax breach, cybersecurity issues continue to escalate.
Despite being aware of the increased risk of falling victim to a cyber attack, many companies fail to rise to the challenge of today’s cybersecurity environment.
Hiscox released its 2018 Hiscox Cyber Readiness Report to help companies understand and manage cyber risk. The report surveyed more than 4,100 executives, departmental heads, IT managers and other key professionals in the U.K., U.S., Germany, Spain and The Netherlands.
The report spotlights financial consequences of individual cyber breaches, how much it costs in terms of investment to counter a threat, and the best multi-dimensional cyber readiness strategies.
While no two companies are the same, there is critical information for companies of all sizes and resources.
With this in mind, here are four key takeaways from the 2018 Hiscox Cyber Readiness Report.
No. 4: Awareness is high, but many organizations aren’t cyber ready.
Much like running a company, being cyber ready involves more than investing money into security measures. It requires a top-down strategy to prepare for a multitude of variables. Companies should know what their line of defense is in the wake of an attack, and how to respond.
Two-thirds of respondents ranked cyber threat alongside fraud as the top risks to their business. Despite the high awareness, companies consistently fail to be prepared for a cyber-attack.
To evaluate companies, Hiscox measured organizations and divided respondents into ‘cyber novices’, ‘cyber intermediates’ and ‘cyber experts.’ Hiscox found that 73% of organizations fell into the novice category.
No. 3: Size matters.
Larger firms were found to be better prepared than their smaller counterparts.
While large firms tend to be the most prepared, they also happen to be the most targeted by cyber criminals.
Many small and mid-size organizations cite a lack of resources when explaining why they aren’t cyber ready. Small organizations — defined by having fewer than 250 employees — devote a smaller proportion of their IT budgets to cyber (9.8% on average versus 12.2% for larger organizations).
Regardless of size, no company is immune. Forty-five percent of the 4,103 organizations surveyed were hit by at least one cyber-attack in the past year, and two-thirds of those targeted suffered two or more attacks. Financial services firms top the list of the largest spenders on cybersecurity, devoting an average of 11.7% of their IT budgets to this area. The pharmaceutical and healthcare sector trails slightly behind at 11.3%.
No. 2: You’ll get what you pay for.
Many companies can attest to how costly a cyber-attack can be. But the costs vary depending on a company’s size.
Of the 4,100 survey respondents, 1,853 suffered an attack in the past 12 months. Nearly a third didn’t know the financial cost of their attack. The average cost among the remainder was $229,000.
For smaller organizations, average costs ranged between $22,000 in Spain and $55,000 in Germany. For the larger ones, the average costs ranged between $259,000 in Spain and $579,000 in the U.S. However, some organizations suffered much higher costs: up to $25 million in the U.S. and $20 million in Germany and the U.K.
No. 1: Trust the experts.
As noted earlier, only 11% of organizations surveyed qualify as ‘cyber experts’. So what separates a ‘cyber expert’ from a ‘cyber novice’ and a ‘cyber intermediate’? Well, there are a few factors.
First, cyber experts often have a plan. Nine out of ten cyber experts listed a defined cybersecurity strategy, compared with less than half of cyber novices. Eighty-three percent of cyber experts identify the compliance requirements through a combination of active research, automated alerts and information from content providers.
There’s also a significant difference in how much time is allotted towards training and evaluation. More than four-fifths of the cyber experts say ‘increased employee training has reduced the number of incidents that disrupt our business’. The equivalent figure among the cyber novices is just 44%.
Insurance factors in significantly towards how organizations are prepared to deal with a cyber-attack. Sixty percent of the cyber experts in this study have taken out cyber insurance and a further 31% of them say they plan to do so. In contrast, only 26% of cyber novices have coverage, but an additional 24% plan to take out coverage in the next 12 months.
The saying goes “it takes two to tango,” but when it comes to cyber, cyber criminals are more than happy to catch you flat-footed. As companies are increasingly technologically reliant, they need to be prepared for an ever-changing cyber landscape.
By Denny Jacob at Property Casualty 360