One in 10 firms lose over US$10 million due to cyberattacks

One in 10 firms lose over US$10 million due to cyberattacks | Insurance Business

One in 10 firms lose over US$10 million due to cyberattacks

Cyberattacks have inflicted an average of US$4.7 million in losses for the past fiscal year, with one in 10 firms sustaining losses exceeding US$10 million, an industry report revealed.

The report was produced by The Cybersecurity Imperative, a global thought leadership program produced by independent researcher ESI ThoughtLab, in conjunction with Willis Towers Watson and other cybersecurity and risk management organisations.

The study, which covered 467 firms across multiple industries in 17 countries, revealed that businesses expect to boost their cybersecurity investments by 34% in the next fiscal year, after raising them by 17% the previous year. Around 12% of companies surveyed plan to bolster their cybersecurity investments by over 50%. Additionally, since last year, the percentage of companies seeing a significant impact from cybercriminal activities — such as installation of ransomware — has soared, from 57% to 71%.

Read more: Insurtech investment rises as firms focus on cyber – Willis Towers Watson  

“It’s clear from the findings that companies are experiencing escalating impacts this year from key adversaries, including cybercriminals, malicious insiders and state-sponsored hackers, often from jurisdictions beyond the reach of local law,” said Peter Foster, chairman of Willis Towers Watson’s Global FINEX Cyber and Cyber Risk Solutions. “Establishing a continuous assessment through an integrated risk approach to cyber is critical for mitigating this ever-growing risk.”

The study also highlighted that the frequency and magnitude of cyberattacks has increased. Companies in China, Japan and India are seeing an estimated average loss of close to 10% of their revenue, the report said.

In order to combat evolving risks, the study recommends companies to take a proactive, multi-layered defence. Firms are responding by allocating the biggest share of their budgets to technology, while seeking the right balance between investments in people and process. There’s also an increased focus on risk identification to address emerging vulnerabilities and increased investment in resilience to ensure businesses can respond quickly to successful attacks.