NEW YORK, April 23, 2019 /PRNewswire/ -- Hiscox, the
international specialist insurer, today released The Hiscox Cyber
Readiness Report 2019™, which gauges how prepared businesses are to
combat cyber attacks. The annual report surveyed nearly 5,400
professionals from the US, UK, Germany, Belgium, France, Spain
and the Netherlands who are
responsible for their company's cybersecurity and found that the
cost and frequency of attacks are on the rise. Sixty-one percent of
firms experienced a cyber attack in the past year, compared to 45%
in 2018. The median cost for losses associated with cyber incidents
also soared from $229,000 to
$369,000.
To determine the respondents' preparedness to handle cyber
attacks, Hiscox evaluated the firms' strategy (oversight and
resourcing) and execution (technology and process) and ranked them
as a 'cyber novice,' 'cyber intermediate' or 'cyber expert.'
Key findings specific to the more than 1,000 US companies
surveyed include:
- Leaky bucket budgets: Seventy-two percent of firms plan
to increase spending on cyber security in the coming year. However,
increased spend without proper infrastructure and training is the
equivalent of pouring water into a leaky bucket. Only 11% of
respondents cited increased spending on employee training and
culture changes as a result of a cyber security incident, both of
which are crucial components of a company's defense against cyber
risks.
- Attacks are on the rise: Fifty-three percent of
respondents reported an attack in the past 12 months, compared to
38% last year. Many companies do not take proper action following
an attack, with 45% of companies reporting experiencing three or
more attacks in the past year. Cyber incidents come with a large
price tag. The mean cost of cyber incidents in the US was
$119,000.
- Fewer large companies are 'cyber experts:' While it
would seem they have the resources to be prepared, only 11% of
large and enterprise firms ranked as 'cyber experts,' compared to
26% of large and enterprise firms last year.
- Unexpected risks in the supply chain: Fifty-six
percent of firms experienced cyber-related issues in their supply
chain in the past year. However, only 7% of respondents cited
increased evaluation of the supply chain as a result of a cyber
security incident occurring in the past 12 months.
- Lack of insurance heightens the stakes: Twenty-seven
percent of respondents have no plans to purchase cyber insurance,
and 5% are unsure of what cyber insurance is.
"The message that cyber risk is a real threat to businesses of
all sizes is sinking in. Companies are increasingly aware of the
risks and pouring more resources into cyber protection, and yet,
there is still a tremendous gap between awareness of the issue and
actually having an effective defense," said Meghan Hannes, Cyber Product Head for Hiscox in
the US. "Many believe that increasing cyber-related spending fully
protects a business, but it isn't enough. Businesses must take a
holistic approach, ensuring they can properly maximize their
investment with appropriate internal protocols, staffing, and
employee training, ultimately creating a human firewall as the
first line of defense."
Creating a Line of Defense: Cybersecurity Best
Practices
Based off Hiscox's proprietary module, companies in the seven
countries surveyed had to achieve a minimum score of 4.0/5 in
strategy and execution to qualify as a 'cyber expert.' The study
identified 'cyber expert' best practices that 'cyber novices' lack,
and, based on the global findings, these include:
- Securing executive buy-in: Only 54% of 'cyber novices'
globally believe cybersecurity is a top priority for their firm's
executive management/board as compared to 85% percent of 'cyber
experts.'
- Creating a well-defined strategy with input from multiple
stakeholders and determining a formal and adequate cyber
budget: On average, 'cyber experts' globally devote 14.7% of
their IT budget to cybersecurity, but 'cyber novices''
cybersecurity spending accounts for just 8.7% of their overall IT
budget.
- Dedicating a cyber head tasked with overseeing the strategy,
supported by a team if necessary: Globally, 51% of 'cyber
experts' have a dedicated leader who oversees cybersecurity,
compared to just 39% of 'cyber novices.'
- Regularly evaluating the supply chain: Only 18% of
'cyber novices' strongly feel that they have good visibility into
their suppliers' security arrangements, compared to 34% of 'cyber
experts' globally.
- Defining a process that spans from when a cyber incident is
detected to when it has been mitigated, and making sure employees
are ready to learn, respond and make changes to this process if an
incident occurs: Eighty-five percent of all 'cyber experts'
have a clearly defined cybersecurity strategy, compared to just 53%
of 'cyber novices.'
- Conducting proactive testing through simulated attacks and
regular phishing experiments: Forty-one percent of 'cyber
novices' globally have conducted phishing experiments to understand
employee behavior and readiness for attacks, compared to 69% of
'cyber experts.'
- Insuring your business with a cyber policy: Globally,
59% of 'cyber experts' currently have already adopted cyber
insurance, compared to only 37% of 'cyber novices.'
Hiscox USA provides a variety
of specialty risk solutions including a broad spectrum of
professional errors & omissions, general liability, cyber and
data security, media liability, management liability, crime, kidnap
& ransom, terrorism and commercial property insurance
products.
Hiscox offers an online interactive suite of cyber security
training modules included as part of its Cyber and
data insurance policies that helps customers prepare their
employees and reduce the risk of a cyber incident occurring.
In the US, Hiscox has offices in New
York, NY; Atlanta, GA;
Chicago, IL; Dallas, TX; Los
Angeles, CA; Phoenix, AZ;
San Francisco, CA and White Plains, NY.
Related Materials:
The Hiscox Cyber Readiness Report 2019™
About the Study
Hiscox commissioned Forrester Consulting to assess
organizations' cyber readiness. In total 5,392 professionals
responsible for their organization's cyber security strategy were
contacted (1,000 plus each from the UK, US and Germany, and 500 each from Belgium, France, Spain
and the Netherlands). Thirty-nine
percent of respondents were from organizations with fewer than 50
employees (small firms), 16% from medium-sized firms employing
50-249 people, 16% from large firms employing 250-999 personnel and
the remaining 28% from enterprises with 1,000 or more employees.
Respondents completed the online survey between 22 October and
7 December 2018.
About The Hiscox Group
Hiscox is a global specialist insurer, headquartered in
Bermuda and listed on the London
Stock Exchange (LSE:HSX). Our ambition is to be a respected
specialist insurer with a diverse portfolio by product and
geography. We believe that building balance between
catastrophe-exposed business and less volatile local specialty
business gives us opportunities for profitable growth throughout
the insurance cycle. It's a long-standing strategy which in 2018
saw the business deliver a profit before tax of $137.4 million in a challenging year for
insurers.
The Hiscox Group employs over 3,300 people in 14 countries, and
has customers worldwide. Through the retail businesses in the UK,
Europe, Asia and the US, we offer a range of
specialist insurance for professionals and business customers as
well as homeowners. Internationally traded, bigger ticket business
and reinsurance is underwritten through Hiscox London Market and
Hiscox Re & ILS. In the US, Hiscox underwrites admitted
insurance products through Hiscox Insurance Company Inc., a
Chicago-based insurer.
Our values define our business, with a focus on people, quality,
courage and excellence in execution. We pride ourselves on being
true to our word and our award-winning claims service is testament
to that. For more information, visit www.hiscoxgroup.com.
Follow Hiscox USA on Twitter
@Hiscox_USA and @HiscoxSmallbiz.
The content provided above is provided for general informational
purposes, but is not intended, nor shall it be deemed, to be
business, legal or insurance advice for any particular or specific
person or entity.
Media Contacts
Lou Casale
Hiscox USA
+1 646 442 8341
Lou.Casale@hiscox.com
Gyawu Mahama
Hiscox USA
+1 678 781 6003
Gyawu.Mahama@hiscox.com
View original
content:http://www.prnewswire.com/news-releases/cost-and-frequency-of-cyber-attacks-on-the-rise-yet-companies-are-less-prepared-to-combat-attacks-according-to-hiscox-cyber-readiness-report-300836008.html
SOURCE Hiscox