Hackers Don't Only Target Big Business

Barely a week goes by without news of a major cyber incident being reported, and the stakes have never been higher. Data theft has become commonplace; the scale of ransom demands has risen steadily; and cumulatively the environment in which businesses must operate is increasingly cyber hostile.

The cyber threat has now become the unavoidable cost of doing business today and more security and training should be undertaken by organisations of all sizes. 

The new Hiscox Cyber Readiness Report 2019 explains that for the first time, a significant number of the firms surveyed, said they experienced one or more cyber-attacks recently in the last 12 months. Both the cost and frequency of attacks have increased markedly compared with a year ago, and where hackers formerly focused mainly on larger companies, small-and-medium -sized firms are now equally vulnerable.

Regulation is going some way to improving awareness and mandating a baseline of cyber security rigour.

In 2018, we saw the introduction of the EU’s General Data Protection Regulation (GDPR), to which businesses have adapted, and a by-product of this has been an uptick in demand for cyber insurance.

Significant Rise in Cyber-Attacks

The proportion of respondents reporting a cyber incident has risen from 45% last year to 61%, and the figures are higher in every category of breach.

Nearly a quarter of firms (24%) report a virus or worm infestation and 17% a ransomware attack. The number suffering a distributed denial-of-service (DDoS) attack is up from 10% to 15%.

The frequency of attacks has also increased markedly. Among firms that experienced cyber-attacks, the proportion reporting four or more incidents is up from 20% to 30%.

Small Business Attacks Have Increased

An increasing proportion of smaller firms are now caught up in the cyber battle. Small and medium sized firms are much more likely to have suffered multiple attacks this year, and on average the proportion of small and medium firms that have had an attack has increased 59%.

Bigger firms are more likely to have suffered repeat incidents. More than a fifth (21%) experienced five or more attacks in the year compared with an average of 16% for all respondents.

It is possible of course that larger businesses are simply better at spotting data breaches than smaller ones.

However, the implementation of GDPR last year has obliged larger firms, which stand to suffer big penalties for extensive breaches or failure to report an incident in a timely manner, to become more watchful and keener to report when incidents occur.

Cloud Risks

Many more respondents this year report problems with outages from third-party cloud providers (22%, up from 13%). Dutch firms were worst hit, with more than 27% of those that suffered cyber incidents reporting cloud outages, while across the respondent pool large and enterprise firms are more likely to suffer a cloud-related incident at 27% and 22% respectively.

This doubtless reflects the propensity for firms to push more of their data into the cloud as they grow.

Cyber Losses Increase

Businesses worldwide are suffering mounting losses from cyber-crime.

Of the 3,300 firms in our survey that suffered attacks, around 2,250 tracked the costs to their business.

Counting all incidents suffered over a 12-month period, the mean cost to those businesses rose from $229,000 to $369,000, an increase of 61%. Assuming a similar experience among those firms that failed to track or quantify the impact of cyber-attacks, the total cost for all 3,300 targeted firms was around $1.2 billion.

Adjusting for the increase in both the scale of the study group this year and the numbers targeted, that is more than double the cost registered in last year’s Report.

Hiscox:

You Might Also Read:

A Cybersecurity Guide For Small Business:

Cultural Strategies For Data Security (£):

 

« Verizon 2019 Data Breach Report
What's Your Data Strategy? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

Syskode Technologies

Syskode Technologies

Sykode Technologies is a next-generation global technology company offering an integrated portfolio of advisory services, products and solutions in areas including AI, IoT and Cyber Security.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Innovasec

Innovasec

Innovasec provide information security consulting and training services.

Andreessen Horowitz (a16z)

Andreessen Horowitz (a16z)

Andreessen Horowitz (known as "a16z") is a venture capital firm in Silicon Valley, California that backs bold entrepreneurs building the future through technology.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

SubRosa Cyber Solutions

SubRosa Cyber Solutions

SubRosa Cyber Solutions solves its clients’ most tenacious information security, risk and compliance challenges through a multitude of information technology services and expertise.

Mindmajix Technologies

Mindmajix Technologies

Mindmajix is a live and interactive e-learning platform that offers professional online IT training in areas including cyber security.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

OccamSec

OccamSec

OccamSec is a leading provider in the world of cybersecurity. We provide accurate, actionable information to reduce risk and enable better informed decisions.