Average Cost Of A Cyber Attack Increases By 80%

Uploaded on 2022-10-11 in FREE TO VIEW, BUSINESS-Services-Financial

In seven out of eight countries, cyber attacks are now seen as the biggest risk to business, more than  COVID-19, economic turmoil, skills shortages, and other issues. Indeed, cyber threats are viewed as the dominant risk with the median cost of a cyber attack on a US-based business costing $18,000, up from $10,000 the previous year. 

The leading specialist insurance company Hiscox commissioned Forrester Consulting to survey more than 5,000 security professionals in the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland for its Cyber Readiness Report 2022. 

Cyberattacks were the biggest concern of the 900 firms surveyed in the U.S. at 46%, outpacing the pandemic (43%) or skills shortage (38%).

Almost half of businesses in the U.S. (47%) suffered a cyberattack in the last 12 months, an increase of 7% from the previous year, while the most common entry point for all surveyed countries was a corporate server in the cloud (41%), followed closely by business email (40%).

While the cyber criminals have long targeted high-value companies, it is clear they are now moving down the food chain. International agencies have recently warned that more mid- and small-sized businesses are being targeted and this is borne out in this year’s report by Hiscox.

Despite leading the other seven countries in cyber maturity, scoring 3.05 compared with an average of 2.94, 84% of companies based in the U.S. that experienced a ransomware attack paid to recover data. The number of U.S. firms with standalone cyber insurance remained steady at 34%. “Despite 61% of survey respondents now being back in the office, businesses are still experiencing a hangover from the pandemic,” said Alannah Paul, cyber product head for Hiscox in the U.S.

“Remote working provided a year-long Christmas for cyber criminals, and we can see the results of their cyber-feast in the increased frequency and cost of attacks. As we move into a new era of hybrid working, we all have an increased responsibility to continue learning, and managing our own cybersecurity.” according to Paul.

The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 5,000 professionals responsible for their company’s cyber security.
This includes firms from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland. 

Key findings specific to the more than 900 US professionals surveyed include:

 

  • Cyber attacks are a bigger worry for US businesses than the ‘great reshuffle’: US businesses are more concerned about cyber attacks (46%), than the pandemic (43%), or skills shortages (38%).
  • The number of attacks is rising: the survey results indicate that in the past year, there has been a 7% increase in cyber attacks on US businesses. To date, roughly half of all US businesses (47%) have suffered an attack in the past 12 months.
  • Each attack is costing businesses more: The median cost of an attack as of 2022 is $18,000, up from $10,000 last year. The US has also borne a generally higher cost from cyberattacks, with 40% of those suffering attacks incurring costs of $25,000 or more. The most common point of entry was a corporate server in the cloud.
  • The pandemic has prompted businesses to double their IT spend: Despite remote working nearly halving from 62% of the workforce in 2021, to 39% of the workforce by 2022, total IT spending has risen from $11.5m in 2021, to $24.2m in 2022.
  • The US is a global leader in cyber maturity, but is also most likely to pay a ransom: The US had the highest cyber maturity score of 3.05 compared to the average of 2.94. Nonetheless, US companies were the most likely to pay a ransom to recover data, with 84% of companies that experienced a ransomware attack paying up.
  • More businesses are considering purchasing a standalone cyber insurance policy: The number of US businesses that have a standalone cyber insurance policy remained stable at 34%, in comparison to the number of businesses without a policy or any plan to purchase one, which dropped from 18% in 2021 to 12% in 2022.

The survey was conducted between Nov. 30, 2021, and Jan. 21, 2022. The median cost of a cyberattack for all surveyed countries was just under $17,000, an increase of 30% from the year before.

Hiscox:      Hiscox:      Dark Reading:    Varonis:     SC Magazine

You Might Also Read: 

The Most Expensive Data Breaches:

 

« October Is Cyber Security Awareness Month
Developing Nations Face The Biggest Cyber Security Challenges »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Delphix

Delphix

Delphix is the industry leader for DevOps test data management.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

DXC Technology

DXC Technology

DXC Technology helps global companies run their mission critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Matta

Matta

Matta is a cyber security consulting company providing information security services and solutions including vulnerability assessments, penetration testing and emergency response.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

HackControl

HackControl

HackControl services include penetration tests, security audits, block chain audits and brand and anti-phishing protection.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Q6 Cyber

Q6 Cyber

Q6 Cyber is an innovative threat intelligence company collecting targeted and actionable threat intelligence related to cyber attacks, fraud activity, and existing data breaches.

usecure

usecure

usecure is a global provider of computer-based cyber security awareness training, offering the market’s most time-efficient, cost-effective and admin-lite solution for reducing insider threats.

Symptai Consulting

Symptai Consulting

Symptai Consulting is a leading Cyber Security, Digital Transformation and Anti-Money Laundering firm serving the Caribbean and the wider world.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.