A study of 3,000 companies in the UK, US and Germany, conducted for specialist insurer Hiscox, reveals that more than half (53%) of businesses in the three countries are ill-prepared to deal with cyber-attacks. The Hiscox Cyber Readiness Report 2017 assessed firms according to their readiness in four key areas – strategy, resourcing, technology and process – and ranked them accordingly. While most companies scored well for technology, fewer than a third (30%) qualified as ‘expert’ in their overall cyber readiness.
Among the key findings:
· Over a third (35%) of UK businesses targeted in a cyber-attack in the past 12 months admit they have taken no extra measures to protect themselves in the future.
· Small businesses hit hardest as the financial impact of cyber-attacks is disproportionally higher for smaller companies
· More than half (57%) of companies surveyed admit they have been the target of at least one cyber-attack in the past 12 months, while one in four (26%) companies has been targeted three times or more.
· Average cost per incident to UK businesses is estimated to be ?42,779
Steve Langan, Chief Executive, Hiscox Insurance, commented: “With fewer than a third (30%) of businesses qualified as ‘expert’, our study reveals a worrying absence of cyber security readiness among business consumers.
“By surveying those directly involved in the business battle against cyber crime, this study provides new perspective on the challenges they face and the steps they are taking to protect themselves. But it also offers a series of practical recommendations for those businesses that still have work to do in tackling cyber risk. We hope it will contribute to a better understanding of what is needed to be fully cyber ready.”
The way forward - steps for improving cyber readiness
The study draws on the example of the ‘expert’ companies to construct a blueprint for cyber readiness. There are six areas highlighted in the report where firms should focus their efforts to make up ground – including more employee training, the tightening up of technology and the transfer of risk by way of cyber insurance.
