Hiscox report warns hacks are on the rise

dlanor-s-703975-unsplash.jpg

The Hiscox Cyber Readiness Report 2019 has just been published though you’ll be hard pressed to find a copy on line just now. It’s been sent to media organisations and once they’ve had their fun with it no doubt it will be made available to us lesser mortals.

The headlines make for painful reading for UK businesses, but of course you’ll be aware that Hiscox offer cyber insurance so it’s hardly in their interest to suggest that everything in the cyber-garden is rosy.

The insurer surveyed more than 5,400 organisations in both the public and private sectors in the UK, US, Belgium, France, Germany, Spain and the Netherlands, and found only 10% of those surveyed achieved ‘cyber security expert’ status. Right now, I have no idea how that ranking is achieved or what it means, but perhaps once we get our hands on the report it will be made clear.

The report is full of dread warnings for SMEs with Hiscox cyber-expert, Gareth Wharton, saying: “Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today.”

  • Hiscox found 55% of organisations surveyed had faced an attack in 2019, up from 40% last year.

  • The proportion of small firms reporting an incident was up from 33% to 47%.

  • Average losses associated with all cyber incidents rose from $229,000 (£176,000) last year to $369,000 (£284,000), a 61% increase.

Apparently, UK firms spend less on cyber security than in other countries with an average spend of around $900,000 compared with $1.46m across the group.

The new General Data Protection Regulations, which carry with them the prospect of giant regulatory fines, seem to have spurred some businesses into action with eight in ten UK firms saying they have made some changes since the introduction of GDPR last year.

From a crisis management point of view, it’s interesting to note that firms in the UK and the US are the least likely to have a ‘defined role for cyber security’ on their staff.

Perish the thought, but if the report is subliminally suggesting that businesses might be wise to take out cyber insurance, could I, as someone who works in crisis management, subliminally suggest it might be wise for firms to have someone in charge of cyber security!

Jim Preen (Head of media)

Cyber, Data-breachJim Preen