Companies have a roughly 50 per cent chance of being targeted by cybercrime, but few are highly prepared. New research shows that the more an organisation spends on IT, the better protected it will be. The Hiscox Cyber Readiness Report 2018, released today, shows that 73 per cent of organisations have “major shortcomings” in cybersecurity readiness, despite 45 per cent having experienced at least one cyber attack in the past year. The prime targets are financial services, energy, telecoms and government entities.
Proactive approach needed
The survey of 4,000 European and US firms, conducted by specialist insurer Hiscox, covered private and public sector organisations in the UK, US, Germany, Spain and the Netherlands. It assessed both each organisation's cyber security strategy and the quality of its execution, but only 11 per cent of companies scored highly in both areas. It also found that the average cost of a cyberattack was $229,000, although incidents have cost up to $25m in the US and up to $20m in the UK and Germany.
Hiscox's Steve Langan highlighted how much companies are investing in IT and cybersecurity, but he also noted that spending on new systems isn't the only important strategy for fighting cybercrime: “Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff.”
Key findings from the report include:
- Larger organisations lead the way: Larger organisations in the study (those with 250-plus employees) are better prepared. A fifth (21 per cent) rank as cybersecurity experts and a further 17 per cent pass the expert test in either strategy or execution. Just 7 per cent of smaller organisations (250 or fewer employees) make the grade as experts.
- You get what you pay for: The average organisation in the report spends $11.2m a year on IT and devotes 10.5 per cent of it to cyber security. However, the organisations that rank as cyber experts spend twice as much on IT as those that failed the test ($19.8m on average versus $9.9m) and devote a higher proportion to cybersecurity (12.6 per cent versus 9.9 per cent). Smaller firms lack resources, directing on average 9.8 per cent of their IT budget to cyber security compared with 12.2 per cent for larger organisations.
- Spending set to rise: Nearly three out of five respondents (59 per cent) plan to increase their cyber security budgets in the year ahead. New technology tops the shopping list despite this being the area where the bulk of firms appear best prepared. The experts lead the way: for example, more than half (55 per cent) plan to increase spending on awareness training compared with only 29 per cent of organisations that failed the cyber readiness test.
- High chance of being targeted: Almost half (45 per cent) of the organisations surveyed report at least one cyber attack in the past year. Two-thirds of those targeted suffered two or more attacks. Financial services, energy, telecoms and government entities were the prime targets.
- Costs range up to $25m: Among organisations that were targeted in the past year, the average cost of all incidents was $229,000. For organisations with 1,000-plus employees, the average costs ranged between $356,000 in Spain and $1.05m in the US. Individual organisations faced still higher costs – up to $20m in the UK and Germany and $25m in the US.