To anyone who has been paying attention, this isn’t as much of a surprise, as it is a confirmation of the ongoing tenuous condition of enterprise cybersecurity but a just-released survey from specialty insurer Hiscox shows that roughly three-quarters of the 4,100 organizations surveyed face significant shortcomings when it comes to cybersecurity.
The Hiscox Cyber Readiness Report 2018, which aims to take a measurement of how defensively prepared surveyed organizations are against cyber threats, found that the U.S. tops the list in terms of cyber expertise. Not that it does anyone any good as still nearly half of all businesses reported at least one cyber-attack in the year prior the survey. And two-thirds of those targeted endured two or more attacks.
There were a number of interesting findings, among 1,000 U.S. respondents, in the report:
Cyber threat ranks as a top risk: While many firms may lack adequate defenses, two-thirds of respondents (69%) rank the threat of a cyber-attack alongside fraud as a top risk to their businesses.
Cyber security spending on the rise: As firms increasingly recognize the dangerous impact of a cyber attack, it necessitates the demand for protective and preventive resources. Almost 60% of survey respondents believe their overall cyber security spending budget will increase by five percent or more. The average IT budget of survey respondents in the US is $11.65 million, with 10.6% being devoted to cyber security.
Employee training works: Of the organizations making an investment in cyber security efforts, 54% indicated that employee training helped reduce the number of cyber hacks and incidents. Furthermore, 43% of US companies reported conducting cyber security exercises, such as phishing experiments, to understand employee behavior and readiness for an attack.
Costs range up to $25 million: Among the largest organizations (more than 1,000 employees), the average cost of cybercrime, aggregating all incidents over the past year, was $1.05 million. Some of these larger organizations faced even higher costs than the average of up to $25 million annually.
Small businesses behind the cyber insurance curve: Despite an increase in spending across the board, there is a stark difference between how small and large businesses view cyber insurance. Fifty-eight percent of US companies with more than 250 employees have cyber insurance, while only 21% of US companies with fewer than 250 employees can say the same. In addition, more than half (52%) of US small businesses say they have no intention of securing cyber insurance, while only 9% of their larger counterparts say the same.
This year appears to be a step back. The 2017 Hiscox Cyber Readiness Report, which surveyed managers and IT specialists at 3,000 small to large companies in the US, UK and Germany found that 53 percent of businesses to be ill-prepared to deal with cyber-attacks. That study, similar to this year’s study, assessed firms according to their cyber readiness in four key areas – strategy, resourcing, technology and process – and ranked them from novice to expert.