A survey of managers and IT specialists in the United States, United Kingdom, and Germany found that more than half (53 percent) of businesses are not well-prepared to handle cyber attacks, despite increases in cybersecurity spending and a clear awareness of the risk.
In its “Cyber Readiness Report 2017,” specialist insurer Hiscox evaluated survey respondents on cyber strategies, resources, technology, and processes, ranking them from novice to expert. The firm found more expertise in the US, but under a third (30 percent) of respondents overall could be considered “experts.” The gap between novices and experts most often appeared to be in their strategies and processes for addressing cyber risk.
Experts were also more likely to have purchased cyber insurance, but Hiscox noted that improving how businesses think about cyber risk, rather than spending more money, can make more of a difference. The insurer recommended making cybersecurity a board-level priority, adopting a formal strategy for security, training employees, watching for vulnerabilities in technology, documenting all cyber processes, and investing in cyber insurance.
Over half of the organizations (57 percent) reported experiencing a cyberattack in the last year, with 42 percent of them being the target of two or more. US large companies were more likely to be affected, the survey found, with 72 percent of respondents in that category reporting an attack. Costs of attacks ranged from 22,000 euros for smaller German businesses to $102,000 for large US companies.