A fifth of US and European businesses have warned that a serious cyber-attack nearly rendered them insolvent, with most (87%) viewing compromise as a bigger threat than an economic downturn, according to Hiscox.
The insurer polled over 5000 businesses in the US, UK, Ireland, France, Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox Cyber Readiness Report.
It revealed the potentially catastrophic financial damage that a serious cyber-attack can wreak. The number claiming to have nearly been brought down by a breach increased 24% compared to the previous year.
Nearly half (48%) of respondents said they suffered an attack over the past 12 months, a 12% increase from the previous report’s findings. Perhaps unsurprisingly, businesses in seven out of eight countries see cyber as their biggest threat.
Yet perception appears to vary greatly depending on whether an organization has suffered a serious compromise or not. While over half (55%) of total respondents said they view cyber as a high-risk area, the figure among companies that have not yet suffered an attack is just 36%.
While spending on cybersecurity is increasing, on average, up 60% per company year-on-year, so is the cost of attacks. Hiscox calculated the median cost at around $17,000 – up 29% year-on-year.
More concerning given the new era of hybrid working is that almost two-thirds of respondents (62%) agreed that their business was more vulnerable to an attack as a result of employees working from home. This increased to 69% in companies with more than 250 employees.
“Business owners will have spent years growing and investing in their business, but one cyber-attack could reduce what they have built to financial rubble,” warned Hiscox Cyber CEO, Gareth Wharton.
“Remote working is not going away, and has impacted the volume of cyber-attacks as cyber-criminals gain access via cloud servers, so it is vital that businesses take the necessary steps to protect themselves against the complexity and speed of cyber-attacks.”
Wharton added that with phishing emails remaining a top threat vector, organizations should focus efforts on improving their staff awareness training.