Businesses Face Fewer Cyber Events, But the Attacks Are More Costly

By Meghan Hannes | September 24, 2020

The stakes are higher than ever for businesses when it comes to cyber risk, especially with the added complexity of COVID-19 thrown into the mix. Yet, even before the global pandemic struck, companies had been taking more action than ever before to shore up their cyber defenses.

The Hiscox Cyber Readiness Report 2020 surveyed 5,569 professionals responsible for their company’s cyber security in the U.S., UK, Belgium, France, Germany, the Netherlands, Spain and Ireland between Dec. 24, 2019, and Feb. 3, 2020. It found that U.S. businesses increased their average cyber-security spending within their IT budgets by 61% to $2.4 million.

However, it’s not all good news: the report also found that fewer attacks are causing greater financial damage, showing that new cyber battle tactics are emerging.

Cyber Criminals Getting Smarter

It appears U.S. businesses are building stronger cyber defenses, as only 41% of firms reported an incident or breach in this year’s report, down from 53% the year prior. The report, which scored firms on strategy, resourcing, technology and process, found that the number of cyber experts among U.S. firms more than doubled to 24%, while the cyber novice category saw a commensurate decline, from 73% to 58%.

“COVID-19 has without a doubt exacerbated existing security issues with people working from home on a global scale, creating a significant opportunity for cyber criminals.” — Meghan Hannes, Hiscox US

However, despite firms’ tougher cyber defenses, cyber criminals have gotten smarter. They’ve elevated their own strategies, wreaking greater devastation in fewer, more sophisticated attacks. Cyber losses among U.S. businesses rose four-fold, from a median of $10,000 per firm to $57,000. While firms are bolstering their cyber defenses by taking proactive measures to mitigate future risks, nearly half of respondents (48%) said they believe their businesses remain at risk for a cyber event, confirming that despite their level of cyber preparedness, no business is immune.

Proactive and Reactive Measures

As more and more businesses realize the potential severity of a cyber incident, we’re seeing a change in the amount of combative action being taken. While 39% of U.S. organizations reported they did not take action after a security incident last year, this figure fell dramatically to 3% in this year’s report, showing a vast improvement in businesses’ attitudes towards cyber readiness.

Strategies companies deployed included regularly evaluating and discussing security and privacy, increasing spending on employee training and cultural changes, and creating additional security and audit requirements.

This change in attitude is not a moment too soon – 15% of businesses reported bad publicity had an impact on their brand or reputation as a result of a cyber incident or breach compared to just 3% in last year’s report. Businesses also experienced greater difficulty in attracting new customers following an incident or breach, with 17% reporting challenges compared to 3% saying the same the year prior. These changes show that cyber security is increasingly a “must have” element of business plans, rather than a “nice to have.”

The Impact of COVID-19

While the research for the report was conducted prior to the coronavirus pandemic, COVID-19 has without a doubt exacerbated existing security issues with people working from home on a global scale, creating a significant opportunity for cyber criminals. They are exploiting employees’ ignorance of cyber security best practices and the reduced level of protection many users have at home. Employees working from home or in new remote locations may use less secure passwords or be more likely to reply to a phishing email than they would when they were in the office, granting hackers easier access to their information.

COVID-19 has created new, lucrative opportunities for cyber criminals, and businesses must evolve their cyber strategies to remain shielded. While businesses may not be in a position to increase spending now with COVID-19, the report shows that more businesses are taking cyber risks seriously and businesses cannot afford to lose momentum on incorporating these changes.

A 3-Step Approach to Protect Your Business

Implementing a three-step approach to become and continue to be cyber ready is critical to a business’s ultimate success.

  1. Prevent attacks on your business with adequate security measures and education. Training staff on how to protect the information your business stores and uses effectively creates a “human firewall” that guards your system from intrusion. This should be your first line of defense against hackers.
  2. Detect an attack quickly by maintaining a comprehensive security protocol and response plan. Teaching staff how to spot a phishing email, requiring two-factor authentication and utilizing strong passwords can go a long way towards keeping your sensitive information safe.
  3. Mitigate the financial impact of an attack with a stand-alone cyber insurance policy or a cyber endorsement on your commercial policy. Cyber insurance can cover the costs associated with recovering data and notifying impacted parties.

Businesses have been pushed into an unforgiving new world in 2020. Cyber criminals won’t concede or offer any form of relief, further underscoring the importance of integrating cyber into a business’s risk management strategy.

The contents of this article do not offer legal, business or insurance advice related to the needs of any specific individual business.
