Cyberattacks have incurred an average $4.7 million in annual losses in the last fiscal year, with more than one in 10 firms losing more than $10 million, according to Willis Towers Watson and ESI ThoughtLab.
A new study, covering 467 firms across multiple industries in 17 countries, revealed that companies worldwide plan to boost their cybersecurity investments by 34% in the next fiscal year, after raising them by 17% the previous year, while a further 12% expect to bolster their cybersecurity investments by more than 50%.
The study also found that since last year, the percentage of companies seeing a significant impact from cybercriminal activities, such as installation of ransomware, has soared from 57% to 71%.
“It is clear from the findings that companies are experiencing escalating impacts this year from key adversaries, including cybercriminals, malicious insiders, and state-sponsored hackers, often from jurisdictions beyond the reach of local law,” said Peter Foster, chairman of Willis Towers Watson global FINEX cyber and cyber risk solutions. “Establishing a continuous assessment through an integrated risk approach to cyber is critical for mitigating this ever-growing risk.”
The study also highlighted that most companies worldwide and across industries are witnessing a greater volume of cyberattacks and higher losses per incident.
“Other than the direct costs such as financial expenses and fines arising as a result of cyber breaches, indirect costs such as opportunity costs, reputational damage, and loss of customers can be equally or even more costly to companies,” said Jessica Wright, cyber leader Asia for corporate risk and broking at Willis Towers Watson. “While the immediate losses from an incident may not be catastrophic, it may take more than five years for a company to feel the full financial consequences, particularly if a company has lost their competitive advantage as a market leader. It is therefore important for companies to take an integrated approach in assessing and managing their reputational risks.”
To combat evolving risks, the research said companies need to take a proactive, multi-layered defense. Companies address cyber risks by allocating the biggest share of their budgets to technology, while seeking the right balance between investments in people and process. They are also focusing more on risk identification to address emerging vulnerabilities and are investing more in resilience to ensure they can respond quickly to successful attacks.
The survey was carried out by The Cybersecurity Imperative, a global thought leadership program produced by independent researcher ESI ThoughLab in conjunction with Willis Towers Watson and other organisations specialised in cybersecurity and risk management.