More than three in five firms across the US and six European countries reported one or more cyberattacks in the past 12 months, but the proportion achieving top scores for their cyber security readiness was marginally lower year-on-year according to insurer Hiscox.

The group’s latest survey includes responses from more than 5,400 small, medium, and large businesses across the US and the UK, Germany, Belgium, France, the Netherlands, and Spain.

Hiscox reports that 55% of the UK companies participating in the survey reported a cyberattack over the period, up from 40% in the previous 12 months. Average losses from cyberattacks increased by 61%, from US$229,000 (£176,000) previously to US$369,000 (£284,000). German firms suffered the greatest number of attacks, one reporting that the cumulative cost to it had been $48 million.

Low defence budget

The Hiscox Cyber Readiness Report 2019 found that only 10% of the private and public sector organisations in the seven countries surveyed achieved high enough marks in cyber security strategy and execution to qualify as cyber security experts.

Although larger firms are still the most likely to suffer a cyberattack, the proportion of small firms with less than 50 employees reporting an incident jumped from 33% to 47%.

“Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable,” said Gareth Wharton, cyber CEO at Hiscox. “Cyber threat has become the unavoidable cost of doing business today,”

Of the seven countries surveyed, UK firms had the smallest budgets available to instigate measures against cyberattacks. On average, companies from the other six countries allocated an annual budget of $1.46 million to enhancing their cyber security, while the figure for UK firms was less than $900,000.

The report notes that UK firms also fared particularly badly when it came to assessing companies’ readiness to prepare against attacks.

“They may feel like they won’t be targeted, as we tend to only read about large breaches in the press,” said Wharton. “If they incorrectly feel that they won’t be targeted, they may be less likely to spend on cyber security.”

Although the report’s findings are generally gloomy, Wharton added: “The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”

The findings support warnings from the World Economic Forum (WEF) that cyber security has become one of the biggest issues for the global economy. It recently reported that “economic loss due to cybercrime is predicted to reach $3 trillion by 2020.” The WEF  added that “74% of the world’s businesses can expect to be hacked in the coming year.”