Hiscox Cyber Readiness Report reveals seven out of ten firms fail cyber security readiness test

Large US businesses lose average of $1.05 million to cybercrime annually

New York, New York, UNITED STATES

NEW YORK, NY, Feb. 06, 2018 (GLOBE NEWSWIRE) -- A study released today by specialist insurer Hiscox revealed that nearly three-quarters (73%) of firms face major shortcomings in cyber security readiness. The Hiscox Cyber Readiness Report 2018™, which gauges how prepared businesses are to manage cyber threats, surveyed department managers, IT specialists and key professionals at more than 4,100 small to large companies in the US, UK, Germany, Spain and the Netherlands. It assessed and ranked each organization according to its cyber security strategy and the quality of its execution. The US topped the list in cyber expertise, with 13% ranking as ‘cyber experts’ compared to 11% of global respondents. Almost half (45%) of businesses surveyed globally reported at least one cyber attack in the past year; two-thirds of those targeted suffered two or more attacks.

Among the key findings of more than 1,000 companies surveyed in the US:

  • Cyber threat ranks as a top risk: While many firms may lack adequate defenses, two-thirds of respondents (69%) rank the threat of a cyber-attack alongside fraud as a top risk to their businesses.  
  • Cyber security spending on the rise: As firms increasingly recognize the dangerous impact of a cyber attack, it necessitates the demand for protective and preventive resources. Almost 60% of survey respondents believe their overall cyber security spending budget will increase by five percent or more. The average IT budget of survey respondents in the US is $11.65 million, with 10.6% being devoted to cyber security.
  • Employee training works: Of the organizations making an investment in cyber security efforts, 54% indicated that employee training helped reduce the number of cyber hacks and incidents. Furthermore, 43% of US companies reported conducting cyber security exercises, such as phishing experiments, to understand employee behavior and readiness for an attack.
  • Costs range up to $25 million: Among the largest organizations (more than 1,000 employees), the average cost of cybercrime, aggregating all incidents over the past year, was $1.05 million. Some of these larger organizations faced even higher costs than the average of up to $25 million annually.
  • Small businesses behind the cyber insurance curve: Despite an increase in spending across the board, there is a stark difference between how small and large businesses view cyber insurance. Fifty-eight percent of US companies with more than 250 employees have cyber insurance, while only 21% of US companies with fewer than 250 employees can say the same. In addition, more than half (52%) of US small businesses say they have no intention of securing cyber insurance, while only 9% of their larger counterparts say the same.

“As threats become more advanced and sophisticated, cyber readiness is no longer a ‘nice to have’ but a ‘must have’ for businesses of all sizes,” said Dan Burke, Vice President and Cyber Product Head for Hiscox in the US. “There needs to be a dedicated investment, and not just a financial one, in order prevent, detect and mitigate cyber attacks. Beyond the allocation of funds, an organization must focus on its people, its thinking and its processes, in order to become a cyber expert.”

Becoming a Cyber Expert

To determine a firm’s cyber readiness, in a module proprietary to Hiscox, organizations in the five countries surveyed had to achieve a minimum score of 4.0/5 in four metrics to qualify as cyber experts. Here are the top factors that divide the cyber experts from the cyber novices globally:

  • Strategy: Nine-out-of-ten cyber experts globally (89%) have a clearly defined cyber security strategy compared to nearly half (49%) of cyber novices. Cyber experts are likely to have put a formal budgeting process in place, which is integrated into all security projects and activities.
  • Engagement: Cyber experts get support from the senior leaders and engage a broader range of stakeholders when setting their organization’s cyber security strategy. Experts are more than twice as likely to agree that ‘there is formal support for cyber security from business leaders and executives on an ongoing basis’ (86% versus 38% for cyber novices).  
  • Organizational leadership: Just over half (52%) of all cyber experts globally have a dedicated leader or executive responsible for cyber security and 46% say they have a dedicated team to support that leader. By comparison, cyber novices are roughly half as prepared in this way as the experts.
  • Training and evaluation: Ninety percent of all cyber experts review the cyber security competence of their people on a regular basis, using established metrics. And cyber security competence forms have become a part of regular performance evaluations.
  • Willingness to respond: The cyber experts elevate themselves above the cyber novices by their readiness to make changes in response to a cyber security incident. Nearly three-quarters (72%) of those who experienced an incident in the past year increased their security measures, whereas more than half of those organizations classified as cyber novices (51%) failed to act. 
  • Investment: The expert organizations devote a greater proportion of their IT budget to cyber than the novices. Furthermore, far more experts intend to increase their spending across every area in the coming 12 months, from staffing, training and technology to outsourcing and consultancy.
  • Insurance: Based on all respondents globally, 60% of the cyber experts have taken out cyber insurance, and 31% plan to do so in the future. By contrast, barely a quarter (26%) of the cyber novices say they have cyber cover – though a further quarter (24%) plan to take out cover in the next 12 months.

Related Materials

A full copy of The Hiscox Cyber Readiness Report 2018™ can be accessed at www.hiscox.com/cybersecurity.

About the study

Hiscox commissioned Forrester Consulting to assess organizations’ cyber readiness. In total 4,103 professionals responsible for their organization’s cyber security strategy were contacted (1,000 plus each from the UK, US, and Germany, and 500 each from Spain and the Netherlands). Drawn from a representative sample of organizations by size and sector, these are the men and women on the front line of the business battle against cybercrime. While all are involved to a greater or lesser extent in their organization’s cyber security effort, more than 30% make the final decision on how their business should respond. Respondents completed the online survey between October 12, 2017 and November 10, 2017.

About Hiscox

Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle. It’s a long-standing strategy which in 2016 helped generate gross premiums written of £2,402.6 million and a record profit before tax of £354.5 million.

The Hiscox Group employs over 2,300 people in 13 countries, and has customers worldwide. Through the retail businesses in the UK, Europe and the US, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re and ILS.

Our values define our business, with a focus on people, quality, courage and excellence in execution. We pride ourselves on being true to our word and our award-winning claims service is testament to that. This information is neither intended nor should be construed to be a solicitation for the purchase of insurance by any US person or entity. For further information visit www.hiscox.com.

Follow Hiscox USA on Twitter @Hiscox_USA and @HiscoxSmallbiz.

The content provided above is provided for general informational purposes, but is not intended, nor shall it be deemed, to be business, legal or insurance advice for any particular or specific person or entity.


A photo accompanying this announcement is available at http://www.globenewswire.com/NewsRoom/AttachmentNg/8a6f1ab9-31a5-49f6-ad85-bbf9d83b507c


Contact Data