Hackers Don't Only Target Big Business

Barely a week goes by without news of a major cyber incident being reported, and the stakes have never been higher. Data theft has become commonplace; the scale of ransom demands has risen steadily; and cumulatively the environment in which businesses must operate is increasingly cyber hostile.

The cyber threat has now become the unavoidable cost of doing business today and more security and training should be undertaken by organisations of all sizes. 

The new Hiscox Cyber Readiness Report 2019 explains that for the first time, a significant number of the firms surveyed, said they experienced one or more cyber-attacks recently in the last 12 months. Both the cost and frequency of attacks have increased markedly compared with a year ago, and where hackers formerly focused mainly on larger companies, small-and-medium -sized firms are now equally vulnerable.

Regulation is going some way to improving awareness and mandating a baseline of cyber security rigour.

In 2018, we saw the introduction of the EU’s General Data Protection Regulation (GDPR), to which businesses have adapted, and a by-product of this has been an uptick in demand for cyber insurance.

Significant Rise in Cyber-Attacks

The proportion of respondents reporting a cyber incident has risen from 45% last year to 61%, and the figures are higher in every category of breach.

Nearly a quarter of firms (24%) report a virus or worm infestation and 17% a ransomware attack. The number suffering a distributed denial-of-service (DDoS) attack is up from 10% to 15%.

The frequency of attacks has also increased markedly. Among firms that experienced cyber-attacks, the proportion reporting four or more incidents is up from 20% to 30%.

Small Business Attacks Have Increased

An increasing proportion of smaller firms are now caught up in the cyber battle. Small and medium sized firms are much more likely to have suffered multiple attacks this year, and on average the proportion of small and medium firms that have had an attack has increased 59%.

Bigger firms are more likely to have suffered repeat incidents. More than a fifth (21%) experienced five or more attacks in the year compared with an average of 16% for all respondents.

It is possible of course that larger businesses are simply better at spotting data breaches than smaller ones.

However, the implementation of GDPR last year has obliged larger firms, which stand to suffer big penalties for extensive breaches or failure to report an incident in a timely manner, to become more watchful and keener to report when incidents occur.

Cloud Risks

Many more respondents this year report problems with outages from third-party cloud providers (22%, up from 13%). Dutch firms were worst hit, with more than 27% of those that suffered cyber incidents reporting cloud outages, while across the respondent pool large and enterprise firms are more likely to suffer a cloud-related incident at 27% and 22% respectively.

This doubtless reflects the propensity for firms to push more of their data into the cloud as they grow.

Cyber Losses Increase

Businesses worldwide are suffering mounting losses from cyber-crime.

Of the 3,300 firms in our survey that suffered attacks, around 2,250 tracked the costs to their business.

Counting all incidents suffered over a 12-month period, the mean cost to those businesses rose from $229,000 to $369,000, an increase of 61%. Assuming a similar experience among those firms that failed to track or quantify the impact of cyber-attacks, the total cost for all 3,300 targeted firms was around $1.2 billion.

Adjusting for the increase in both the scale of the study group this year and the numbers targeted, that is more than double the cost registered in last year’s Report.

Hiscox:

You Might Also Read:

A Cybersecurity Guide For Small Business:

Cultural Strategies For Data Security (£):

 

« Verizon 2019 Data Breach Report
What's Your Data Strategy? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

Crest International

Crest International

Crest is focused on professionalizing the technical cyber security market whilst driving quality and standards of organizations that operate within it.

Gemserv

Gemserv

Gemserv is a specialist market design, governance and assurance services consultancy.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

AppGuard

AppGuard

AppGuard prevents breaches by blocking applications from performing inappropriate processes using our patented dynamic isolation and inheritance technologies.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

BoldCloud

BoldCloud

BoldCloud's award winning Cybersecurity Advisory services and Layered Security approach adds new critical layers of protection for your data and your business.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.