Cyberattacks are on the rise in America, if a new report by Hiscox is anything to go by.
The “Hiscox Cyber Readiness Report 2019” is Hiscox’s third in the annual report series. To prepare the report, the international specialist insurer surveyed about 5,400 professionals in the US, UK, Germany, Belgium, France, Spain and the Netherlands to assess the cybersecurity preparedness of businesses in those countries; more than 1,000 of those respondents were based in the US.
According to the report, 53% of US businesses reported experiencing a cyberattack in the past 12 months, compared to only 38% the year before. Hiscox also noted that 45% of US companies experienced three or more attacks in the last year, and that the mean cost of US cyber incidents was around $119,000.
Despite the increase in cybersecurity incidents, however, American companies are not doing enough to mitigate the damage of such risks, the report found.
Hiscox detailed that while 72% of US businesses plan to increase spending on cybersecurity in the coming year, only 11% cited increased spending on employee training and cultural changes as a result of a cybersecurity incident. Both measures have been identified as “crucial components” in the improvement of a company’s cybersecurity.
Twenty-seven percent (27%) of respondents also said that they have no plans to purchase cyber insurance, and another 5% said they are “unsure” of what cyber insurance is.
The supply chain of these companies also appears to be the most common target for cyberattackers, Hiscox suggested in its report. Fifty-six per cent (56%) of firms said they experienced cyber-related issues in their supply chain in the past year. However, only 7% cited increased evaluation of the supply chain as a result of a cyber incident.
Hiscox also evaluated each participating firm in the report based on their cyber preparedness. In the US, only 11% of large and enterprise firms ranked as “cyber experts” this year, compared to 26% of large and enterprise firms last year.
“The message that cyber risk is a real threat to businesses of all sizes is sinking in. Companies are increasingly aware of the risks and pouring more resources into cyber protection, and yet, there is still a tremendous gap between awareness of the issue and actually having an effective defense,” commented Hiscox US cyber product head Meghan Hannes.
Hannes added that while many believe increasing cyber-related spending fully protects their business, they still need to take a holistic approach to cybersecurity. This means enacting internal protocols and training employees on cybersecurity best practices, which ultimately creates a “human firewall as the first line of defense.”