There are a number of annual information security/cyber security reports released throughout the year, providing us with an information security/cyber security ‘picture’. The latest to be published is The Hiscox Cyber Readiness Report 2019. This report is interesting as it is the third version, enabling us to look at changes year-on-year and compare like with like, as opposed to picking up different reports with different sample sizes, locations, company sizes, criteria, etc., and trying to make comparisons or draw any conclusions.
The headline is that both the cost and frequency of attacks have increased significantly compared to last year, and whereas the focus of hackers has previously, in the main, been on larger companies, small and medium-sized organisations now appear to be equally vulnerable.
The aim of this blog is to summarise the main findings and provide you with useful insight. So, let’s start with the overall picture:
- Cyber attacks are on the rise – 61% reported an attack in the last year – up from 45% the previous year. It’s interesting to note that whilst large organisations are still the most likely to suffer a cyber attack, 47% of small organisations and 63% of medium-sized organisations have suffered an attack.
- Costs of an attack are increasing – from $229,000 last year to $369,000 this year – an increase of 61%
- Supply chain incidents are common – 65% of organisations have experienced cyber-related issues in their supply chain.
And what about the UK specifically:
- Lowest cyber security budgets – with less than £695,000 ($900,000) on average compared with an overall average of £1,128,000 ($1.46 million)
- Cyber attacks are on the rise – 55% this year as opposed to 40% previously
- Incident cost is lower, but still high at £188,000 ($243,000)
- Measurable – a UK organisation is most likely to say that it could clearly measure the business impact of a cyber incident.
*Exchange rate 1 GBP = 1.29420 USD as of 23 April 2019 and rounded
So how extensive was this study? Well, in total 5,392 professionals involved with their organisation’s cyber security strategy were contacted across 7 countries: approximately 1,000 each from the UK, USA and Germany, and 500 from Belgium, France, Spain and The Netherlands. Thirty-nine percent of respondents were from organisations with fewer than 50 employees, 16% from medium-sized firms employing 50-249 people, 16% from large firms employing 250-999 personnel and the remaining 28% from enterprises with 1,000 or more employees. So, statistically speaking, a good number to base conclusions on from a reasonable spread. Perhaps too many small organisations overall, but this shouldn’t detract from the conclusions.
This study has some very useful statistics and once again it underlines the need to be vigilant and not complacent, and to take a proactive approach to managing your cyber exposure. Risk assessment will help you prioritise and focus your efforts.