The comprehensive study, known as the “Hiscox Cyber Readiness Report,” draws insights from over 5,000 organisations globally, spanning various sizes and industries.
The report reveals compelling findings, with a significant five-point increase from the previous year, indicating that over 53% of surveyed businesses have reported experiencing at least one cyber attack in the past year.
Of particular concern is the surge in cyber attacks targeting small businesses, especially those with fewer than ten employees. This segment has witnessed a notable increase from 23% to 36% over the past three years, pointing to a deliberate targeting of vulnerabilities within smaller IT infrastructures.
Moreover, the report sheds light on the lack of confidence among smaller businesses (less than 250 employees) in handling such attacks. Only 61% feel adequately prepared, in contrast to 71% of their larger counterparts.
In response to these threats, ransom payments persist as a common recourse, with 63% of affected businesses willing to pay to safeguard their assets. However, there is a slight reduction in the median cost of attacks from $17,000 to slightly over $16,000.
The severity of cyber risks is underscored by 21% of attacked firms reporting that these threats pose a significant risk to their business viability.
Business Email Compromise (BEC) remains the preferred weapon of choice for hackers, continuing to afflict businesses. The report notes that one in three companies experiences payment diversion fraud (PDF) due to cyber attacks.
Addressing this mounting challenge, companies have significantly increased their cybersecurity investments, with a 39% rise over the past three years, reaching a median of $155,000. Notably, smaller businesses have quadrupled their cybersecurity spending over the last two years, reaching a median of $8,100.
Eddie Lamb, the Global Director of Cyber Education and Advisory at Hiscox, commended businesses for investing more in cybersecurity. However, he cautioned that staying ahead of hackers, who continually innovate tactics like business email compromise, remains a formidable challenge in the ever-evolving landscape of cyber threats.
Lamb said: “…it’s so important that businesses consistently update and manage their defences to stay one step ahead of the cyber criminals, which is something we spend a lot of time supporting our clients with.”
In a report earlier this year, Tim Andrews, Lead Underwriter for Hiscox, said: “The frequency and size of ransomware attacks has started to spread from organisations primarily based in developed economies in the northern hemisphere, to include more targets in the southern hemisphere including the Middle East, Asia, Australia, as well as South America. The cause is related to a complex set of factors.”
Andrews went on to point out that a global record of reported ransomware attacks maintained by cyber security information provider Comparitech reveals that back in 2018, ransomware was mainly a northern hemisphere problem.
He added: “But by 2022, the number of attacks in the southern hemisphere had begun to proliferate particularly in South America, as well as Africa, across the Middle East, East and South East Asia, and is likely to be worse than reported.”
Author: Joanna England
