The cost of dealing with cyber events such as ransomware and viruses more than tripled for businesses since 2018. That’s according to a survey by a business insurer. Hiscox reviewed data from its annual Cyber Readiness reports going back to 2018.
The financial toll of cyber events, which include data breaches, was estimated at an average of $16,950 (£15,265) per year in the insurance firm’s 2022 Cyber Readiness report. Half of companies surveyed experienced at least one cyber attack in 2022, a rise from 39 per cent in 2020. Different industries were affected differently. Financial services, and the ‘Technology, Media and Telecom’ (TMT) sectors reported a minimum of one attack for three consecutive years. According to the latest report, as many as two-thirds (66pc) of financial services firms were impacted by one or more cyber attack in 2021-22. While the median (middling cost when all are lined up) cost of cyber events has increased, the survey suggested evidence that businesses are getting savvier in their cyber preparedness, with the average IT budget for cyber security in 2022 being £4,714,482.83. This marks a three-fold spend increase compared to 2018 of £1,323,973.13.
Alana Muir, Head of Cyber at Hiscox, said: “Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe. While there has been some fluctuation over the years, cyber attacks are on the rise, so the increased focus and investment from businesses to minimise damage to their brand, operations and customers is positive. A proactive approach to cyber security is the best way to reduce the likelihood of a cyber event and limit the impact. Businesses should regularly evaluate their processes, people management and knowledge of the subject, and aim to create a culture of cyber security where everyone is well-equipped to respond, should the worst happen.”
Visit https://www.hiscox.co.uk/cyberreadiness.
Meanwhile, intelligence and cyber security consultancy S-RM has released its Cyber Security Insights Report. It’s found a drop in concern around the cyber security threats posed by hybrid working. About a third (35pc) of IT leaders say they are concerned over a cyber skills gap among employees.
The report, which draws on data from 600 C-suite and IT budget holders from organisations with revenue over USD $500m, found that 37pc of organisations reported concerns around hybrid working – a drop from 46pc in 2021. This may be in part due the firm suggests to growing awareness of cyber threats among employees. When asked about the biggest cyber security challenges their organisation faced, just 31pc of respondents ‘perceived lack of importance from employees in 2022’. That’s down, from 36pc in 2021.
On the skills gap, over a third of senior IT leaders and C-suite holders in 2022 (35pc) highlighted a lack of cyber skills and expertise as a key challenge facing their business when it comes to cyber security defence and incident management – a figure that rose to 42pc within financial services. Businesses with more mature cyber security policies prioritise different challenges than less experienced companies. Businesses where senior leaders viewed the company’s cyber security as ‘very mature’ were more likely to consider compliance and unsophisticated or outdated cyber security tools as their key challenges (37pc and 33pc%).
Those companies describing themselves as ‘somewhat mature’ were less likely to identify these as key challenges (25pc and 26pc) but rather identified a lack of skills and expertise (38pc) as well as a lack of internal training (33pc) as their main issues to their business. .
Jamie Smith, Board Director at S-RM said: “While we have found that more companies are now adjusting to hybrid working and viewing it as less of a risk, it is clear that cyber security challenges are continuously evolving and 2023 will bring fresh risks to consider. One of the biggest protective measures companies can take over cyber security threats is to build a resilient workforce, and a positive takeaway from our report is that we are seeing more employees take more notice of security threats.”
And Paul Caron, Head of Cyber Security, at S-RM said: “Our report finds some great progress in cyber security maturity across a slew of industries but there is still a significant skills gap evident in the workforce. This is a perennial problem for the sector: how to attract and retain the best talent, to win the knowledge, skills, and technology arms race between threat actors and private businesses.
“It is crucial, for businesses to continue to invest in high quality cyber security training in order to both attract this talent and firm up their own defences by closing this skills gap.”
Visit: https://www.s-rminform.com/cyber-security-insights-report.
