Seven out of ten organisations fail cyber security test
Seven out of ten organisations fail cyber security readiness test, according to a recent study commissioned by specialist insurer Hiscox, suggesting major shortcomings.
The Hiscox Cyber Readiness Report 2018 surveyed a representative sample of private and public sector organisations in the UK, US, Germany, Spain and the Netherlands. It assessed each organisation according to their cyber security strategy and the quality of its execution – and ranked them accordingly.
The study of more than 4,000 organisations revealed that only 11 percent scored highly enough in both cyber security strategy and the quality of its execution to qualify as cyber security ‘experts’. One in six firms (16 percent) achieved expert status in either strategy or execution, but not both.
According to the study, larger organisations (those with 250-plus employees) are better prepared. One in five (21 percent) rank as cyber security experts and a further 17 percent pass the expert test in either strategy or execution. Just 7 percent of smaller organisations (250 or fewer employees) make the grade as experts.
The average organisation in the report spends $11.2 million a year on IT and devotes 10.5 percent of it to cyber security. However, the organisations that rank as cyber experts spend twice as much on IT as those that failed the test ($19.8 million on average versus $9.9 million) and devote a higher proportion to cyber security (12.6 percent versus 9.9 percent). Smaller firms lack resources, directing on average 9.8 percent of their IT budget to cyber security compared with 12.2 percent for larger organisations.
Nearly three out of five respondents (59 percent) plan to increase their cyber security budgets in the year ahead. New technology tops the shopping list despite this being the area where the bulk of firms appear best prepared. The experts lead the way: for example, more than half (55 percent) plan to increase spending on awareness training compared with only 29 percent of organisations that failed the cyber readiness test.
Almost half (45 percent) of the organisations surveyed report at least one cyber attack in the past year. Two-thirds of those targeted suffered two or more attacks. Financial services, energy, telecoms and government entities were the prime targets.
Among organisations that were targeted in the past year, the average cost of all incidents was $229,000. For organisations with 1,000-plus employees, the average costs ranged between $356,000 in Spain and $1.05 million in the US. Individual organisations faced still higher costs – up to $20 million in the UK and Germany and $25 million in the US.
“This report shines a light not only on the financial consequences of cyber incidents but also on the enormous investment being made to counter the threat,” said Steve Langan, chief executive of Hiscox Insurance Company. “Importantly, it offers a picture of what best practice looks like. Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff. We hope it will serve as a roadmap for all those organisations that still have some way to go.”
Join us at Intelligent Automation in Insurance - London 2018. Book by Feb 28th and you could save £300.
More of today's news
Munich Re reports strong growth at January renewals
Enstar buys KaylaRe in $400m deal
Chubb appoints new chief claims officer
Strong Q4 props Everest Re’s 2017 results
Assured Guaranty strikes $13.5bn reinsurance deal with Syncora
