With high profile data breaches consistently in the news, it is reasonable for businesses to be concerned about cybersecurity. Implementation of GDPR last year has also encouraged organisations operating in Europe to consider how they handle and protect data.
The 2019 Hiscox Cyber Readiness Report surveyed over 5,000 businesses to get an idea of their approach to cybersecurity strategy over the past year. The report spoke to organisations of a variety of sizes across seven countries and a number of sectors about their experiences with cyber threats and attacks.
The report revealed a lot about the kind of cyber risks businesses currently face and how they respond to them, including these four particularly interesting insights.
Cyberattacks are rising
61% of businesses reported a cyberattack in the past year, a drastic increase from the 45% noted in the 2019 survey. Across multiple categories of breach, every one saw more attacks occur in 2019. If nothing else, it is abundantly clear that businesses need to be protected on all sides.
The report found that organisations are more likely to suffer repeated attacks. Businesses that experienced four or more incidents rose from 20% to 30%.
The report found consistently across all sectors and places in the world that cyberattacks are getting more frequent and persistent. Any business that isn’t on top of essential cybersecurity measures is exposing itself to serious risks due to the sheer volume of digital threats modern organisations face.
SMBs are increasingly popular targets
Both small- and medium-sized businesses reported significantly more cyberattacks in 2019 than 2018. 47% of small businesses experienced an attack in 2019, up from 33% in 2018. The amount of medium-sized businesses that experienced an attack rose from 36% in 2018 in 63% in 2019.
Even though large organisations are still the most likely to be targeted by cybercriminals, smaller enterprises with less extensive resources to protect themselves are becoming more popular marks.
This is particularly worrying, as the 2019 SMB Cyberthreat Study [https://keepersecurity.com/blog/2019/07/24/cyber-mindset-exposed-keeper-unveils-its-2019-smb-cyberthreat-study/] found that 66% of SMBs believe that they are unlikely to suffer a cyberattack. This misconception could be part of the reason they are becoming such attractive targets to criminals. Businesses that don’t realise they are at risk may be more lax with their security and make themselves easier to exploit.
Cyberattacks cost more
Several of the businesses surveyed tracked the financial damage caused by the cyberattacks they suffered. Over the course of the year, the average cost of an attack rose by 61%, from $229,000 to $369,000. This makes the total cost to businesses hit by cyberattacks $1.2 billion just in the year covered by the report. This is more than double the estimate cost recorded in the 2018 report.
Medium and large organisations in particular have suffered disproportionately growing costs. While the average cost of an incident for small businesses has actually decreased considerably, large and medium businesses are looking at enormously higher expense following cyberattacks.
Criminals are exploiting weakness in supply chain cybersecurity
Unlike in previous reports, the 2019 survey included questions about organisations’ supplier networks. Overall 65% of respondents claimed to have experienced at least one cyberattack due to weakness in supply chain cybersecurity.
Many businesses have already taken steps to protect themselves against this. Over half of the companies involved in the study include cybersecurity measures in their contracts with external suppliers. 74% of organisations regularly evaluate the security of their supplier networks.
These positive steps show that businesses do take the safety of their data and their customer data seriously. Hopefully this will mean a reduction in the number of incidents recorded in next year’s report.