Hiscox has released it third annual Cyber Readiness Report, providing an up-to-the-minute picture of the cyber readiness of organisations across the US and Europe, as well as a blueprint for best practice in the fight to counter the ever-evolving cyber threat.
The report finds that both the cost and frequency of attacks have increased markedly compared with a year ago, and where hackers formerly focused mainly on larger companies, small- and-medium-sized firms are now equally vulnerable – firms that are typically a part of the “cyber supply chain” of 3rd, 4th and nth parties that provide the processing and management of sensitive customer, employee and operational data.
Key findings of the report
Cyber attacks reach a new intensity: More than three in every five firms (61%) experienced a cyber incident in the past year, up from 45% in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.
More small and medium-sized firms attacked this year: While larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (defined as those with less than 50 employees) reporting an incident is up from 33% to 47%. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36% to 63%.
Supply chain incidents now commonplace: Nearly two-thirds of firms (65%) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. 54% evaluate the security of their supply chains ranging for once a quarter to an ad hoc basis.
Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61%. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.
More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10%) achieved ‘expert’ status this year, slightly down from 11% in 2018. Nearly three-quarters (74%) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
Cyber security spending up by a quarter: The average spend on cyber security is now $1.45 million, up 24% on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67%) plan to increase their cyber security budgets by 5% or more in the year ahead.
Download the full report here.
You’re only as strong as your weakest link
That is why DVV Solutions has developed a range of services and solutions to deliver more effective and efficient third-party risk management for national and local public sector organisations. Our suite of consultative and managed services deliver significant improvements in
– developing and maturing current risk methodologies and frameworks,
– scaling resources to supplement and enhance existing risk assessment programs, and
– delivering time and cost efficiencies through established best-practice and workflow automation
to enable risk assurance teams to spend more time on what’s important: eliminating control gaps, raising security standards and reducing overall risk.
Contact DVV Solutions
If you are interested in finding out more about DVV Solutions, or information about our Third Party risk assessment and risk management solutions please;
Call us on +44 (0) 161 476 8700, or
Complete our Contact Form