As Cyber Attacks Increase, Perception of Cyber Risks Continues To Grow

Cyber risk is seen as the top exposure facing businesses in seven of eight countries, according to the recently released Cyber Readiness Report 2022 from Hiscox.

The Hiscox report is based on a survey of 5,181 companies in Belgium, France, Germany, Ireland, the Netherlands, Spain, the United Kingdom, and the United States.

Only Irish businesses ranked cyber attacks as the number two risk, behind pandemics, according to Hiscox.

The survey found 48 percent of companies reporting a cyber attack over the past 12 months, up from 43 percent in last year's survey. And 1 in 5 of the firms reporting an attack said their solvency was threatened, an increase of 24 percent from the 2021 survey.

Hiscox found that the COVID-19 pandemic caused companies to increase their use of cloud services, leading to a significant increase in attacks by way of cloud servers.

According to the report, released earlier this year, the median cost of cyber attacks has increased 29 percent to just under $17,000. The report shows the value of cyber expertise in reducing cyber-attack costs, with median attack costs, as a percentage of revenue, found to be two-and-a-half times higher for businesses considered "cyber novices."

The report found ransomware attacks continuing to increase, with 19 percent of survey respondents reporting that they'd been the victim of a ransomware attack, up from 16 percent last year. Of those businesses experiencing a ransomware attack, two-thirds paid the ransom.

Hiscox also found that more businesses are purchasing cyber insurance. Some 64 percent of companies now have cyber insurance either on a stand-alone basis or as part of another policy, the report says. That's up from 58 percent 2 years ago. And survey respondents' mean cyber-security spending is increasing, according to Hiscox, up 60 percent in the past year to $5.3 million. Mean cyber-security spending has increased 250 percent since 2019, the report says.

"One of the most telling findings in this year's report is that the cyber threat is now seen as the dominant risk to business in seven out of eight countries—ahead of the pandemic, economic downturn, skills shortages, and other issues," Gareth Wharton, cyber CEO at Hiscox, says in the report's introduction. "If awareness of danger is the first step in dealing with it, that is surely an encouraging sign. On the downside, the number of firms reporting attacks has gone up, as has the severity of the attacks themselves. There can be no doubting the scale of the challenge."

Mr. Wharton notes that the survey's findings supported the notion that after years of focusing on large companies, cyber criminals are now attacking small and midsized businesses with increasing frequency. But, while larger businesses are continuing to invest heavily in cyber security, spending by smaller firms fell sharply this year, he says.

"The pandemic may well have played its part here. The move to remote working has prompted many smaller businesses to adopt cloud solutions in preference to building out their own remote services," Mr. Wharton says. "That, in turn, has encouraged more cyber criminals to exploit vulnerabilities in cloud applications and target cloud service providers too."

Hiscox found that there is a huge difference in the perceptions of the cyber-attack threat between businesses that have experienced an attack and those that haven't. Some 55 percent of cyber-attack victims see cyber as an area of high risk, according to the report, versus 36 percent of those who haven't yet suffered an attack.

But a sizable majority of all companies embraced the importance of keeping data secure, according to the report, with 72 percent of those surveyed indicating they believe they'd experience damage to their brand if they don't handle client and partner data securely.

The difference in perception was also apparent in attitudes regarding whether the cyber threat is increasing, the report shows. Of those who've experienced an attack, 41 percent said their cyber-risk exposure has increased. Meanwhile, among those who haven't been attacked, only 23 percent see the risk increasing.

Hiscox also found differences in the perception of the cyber threat among different industry sectors. Business services firms are the biggest spenders on cyber security, at an average of $34 million, according to the report, 6 times the average. The travel and leisure industry spends the least on cyber security, Hiscox says.

According to the report, businesses identified as cyber "experts" under Hiscox's methodology have a heightened awareness of the danger of cyber risks than do those businesses considered cyber "novices." While 58 percent of those considered cyber experts consider their exposure to cyber attacks high or very high, only 32 percent of cyber novices share that perception, the report says.

Four out of five businesses that don't have cyber insurance and say they don't plan to purchase the coverage did not experience a cyber attack in the past year, the report says. Of that group, 51 percent qualify as cyber novices under the Hiscox methodology.

Remote working has affected the perception of the cyber threat, the Hiscox survey found, with 62 percent of respondents agreeing that their business is more vulnerable to cyber attacks with employees working from home. Among cyber experts, the share seeing an increased threat increases to 76 percent, though it's only 49 percent among cyber novices.

"It would appear that the move to remote working has shifted the focus of attacks," the report says. "The main way in for the hackers is corporate servers, and there has been a big jump in the numbers reporting entry via cloud server. This aligns with the warning from international agencies that bad actors are increasingly targeting cloud infrastructure."