Small firms

What the Hiscox Cyber Readiness Report means for your firm

Explore the Hiscox 2022 Cyber Readiness Report. Our partner Hiscox takes you through key findings in eight countries – from the number of attacks to cybersecurity costs.

colleagues around a laptop with cybersecurity symbols on the right

Cyber-risk is increasing for business

Cyber-attacks are now seen as the number one risk to businesses across the globe, according to our sixth annual Cyber Readiness Report. The number of companies which have experienced at least one attack per year rose, from 43% in 2021, to 48% in 2022. 

But our 2022 report shows that although the risk of cyber-attack is growing, businesses are becoming increasingly aware of that threat and committed to prevention.

Cyber-attacks are the number one threat

Businesses in seven of the eight countries surveyed rank a cyber-attack as the number one threat to the company. This comes ahead of concerns regarding skills shortages, economic downturn and even the pandemic.

Ireland was the only outlier here and, even so, it ranked cyber-threats as its number two concern.

We also found that the size of targeted companies is shifting. Businesses earning $100,000 to $500,000 annually can now expect as many attacks as those earning $1m to $9m.

However, although cyber-threat is becoming less discriminatory, perspective is important when it comes to issuing a level of concern against attacks. 

We found those who had experienced an attack were more likely to rank the issue as high-risk. In fact, 55% of victims believe cyber-attacks are highly threatening, while, among non-victims, only 36% labelled it as such.

Financial services was an anomaly. Despite viewing a cyber-attack as a bigger threat than other sectors, only one in three financial services firms experienced an attack in the last year – a low figure in comparison to other sectors.

The food and drink industry experienced more attacks within the same time frame, though culinary business owners rank the pandemic and skills shortages above cyber.

Gareth Wharton, cyber CEO at Hiscox, says the fact the cyber threat is now seen as the dominant risk is "telling". But adds, “if awareness of danger is the first step in dealing with it, that is surely an encouraging sign”.

Number of cyber-attacks rises year-on-year

The 12% increase in companies attacked over the last year is significant, but it shows a continued trend. In our 2020 report, 39% of businesses had been victim to a cyber-attack, which shows a 23% increase over the last two years.

This trend is followed by businesses’ attitude to risk. Some 41% of attack victims say their risk exposure has increased over the last year.

Furthermore, around one in five businesses yet to experience an attack also believed their exposure had increased, suggesting it isn’t only those already burned who are becoming increasingly cyber-aware.

While numbers are rising within all countries surveyed, the UK continues to have the smallest proportion of firms being attacked, at 42%. While this is encouraging, the median cost of these attacks has almost doubled to £21,000. 

Whether we focus on the number of attacks, companies that perceive cyber threats as high-risk, or the consequent costs of these issues, the numbers are continuing to rise year on year.

Average cost of a cyber-attack up nearly a third

Cyber-attacks can hit your business hard in the pocket. And the global cost of cyber-attacks has grown by 29% over the past year, according to our findings.

On average, businesses can expect to spend just under £12,750 to reverse the damages if they fall prey to cyber criminals.

The UK has seen the biggest rise here. A typical cyber-attack now sets UK businesses back £21,000. Ireland has experienced the second-largest jump, with costs going from £6,000 to £12,750.

Five out of the eight countries surveyed faced a rise in cyber-attack costs, including the United States, which experienced an identical jump to Ireland – of £6,750. 

Remote working leads to rise in cloud attacks

Within the report we asked what percentage of businesses’ workforce worked from home. Pre-pandemic in the UK, companies on average had 13% remote workers, in the height of the pandemic it was 66% and this has now levelled out to 40%.

The report suggests this shift to remote working – and to the cloud – has also shifted the focus of cyber-attacks. The primary method of entry for attackers is now cloud servers, accounting for 41% of all attacks in the last year. 

Following cloud servers, the other methods through which attacks were coordinated were:

  • business emails – 40%
  • corporate-owned servers – 37%
  • remote access servers – 31%
  • employee-owned mobile devices – 29%
  • DDoS (distributed denial of service) attacks – 26%

“The move to remote working has prompted many smaller businesses to adopt cloud solutions in preference to building out their own remote services,” says Wharton.

“That, in turn, has encouraged more cyber criminals to exploit vulnerabilities in cloud applications and target cloud service providers too.”

Firms spending more on cybersecurity 

With the growing threat of cyber-attacks becoming more apparent, it’s perhaps no surprise businesses are spending more than ever on cybersecurity. Factor in the fresh, post-pandemic cyber-attack routes, and increased investment makes sense.

Our report found spending on cybersecurity is up 60% compared to 2021. Overall, a company’s average spend in cyber security hit £4.0m over the past year – up 250% from 2019, and 60% from 2021.

To combat the increase in attacks, it seems firms, globally, are becoming more prepared to spend on security, with the average proportion of IT budget spent on the issue sitting at 23%. 

Unfortunately, this increase in company revenue dedicated to cyber-security may be warranted. In fact, the increase in budget spend is progressively becoming a loss-prevention issue.

For example, in the UK, 20% of businesses saw their solvency materially threatened by cyber-attacks.

Furthermore, the number of UK businesses that experienced a large fine because of a cyber-attack has more than doubled since 2021, reaching one in five.

Top three spending priorities for UK businesses 

  1. Threats and vulnerabilities – UK businesses are prioritising addressing existing threats and vulnerabilities. This is the number one priority across both large and small companies
  2. Regulatory factors – businesses are also intent on achieving or maintaining regulatory compliance. This includes ensuring devices and policies are re-visited and up to date
  3. Partner requirements – UK businesses are making a formal effort to comply with their partners’ external security requirements

Running for cover 

Despite the growing cyber-threat, many firms still don’t have cyber insurance in place to protect their business, staff and property.

Unsurprisingly, the industries that deem cyber-attacks their biggest threat are leading the way. 74% of financial services companies have cyber cover, as do 71% of tech firms. 

But the numbers fall significantly when you move to less high-tech sectors. Only one in two construction firms currently have cyber cover, for example. The figure of 53% is the same for travel and leisure businesses.

Final thoughts 

Our Cyber Readiness Report 2022 paints a concerning picture of a growing cyber-threat, with more companies reporting an attack this year than last, and with criminals quick to adapt to new trends such as the rise in working from home.

But more positively, businesses are increasingly aware of the risks of a cyber-attack, and happy to spend more on prevention. So, the picture at the midpoint of 2022 is one of growing cyber threat but increased awareness. And this increased vigilance can only be seen as a good thing.

Wharton concludes “there is clear evidence in this report that firms are responding to attacks with more vigour. Many more are taking decisive action. Greater awareness is driving up boardroom understanding of the issue and standards of cyber readiness with it.”

Want to know more? Read the full report 

Maximise your Law Society membership with My LS