Financial consequences of cyberattacks are pushing many businesses to the brink, new research from Hiscox reveals. The highest cost of a single incident or breach to a firm was €742,923, while the median cost was around €6,937.
The proportion of businesses targeted by cyber criminals in the past year increased globally from 38pc to 43pc, according to the Hiscox Cyber Readiness report 2021, with over a quarter of those targeted (28pc) experiencing five attacks or more.
Those attacks are pushing many firms to the brink, with one in six businesses attacked (17pc) saying the financial impact materially threatened the company’s future.
“Businesses in Ireland have enough on their plate at the moment, without having to deal with hackers and cybercriminals but we cannot ignore this unfortunate reality”
Out of the global study, Ireland had the largest proportion of firms (36pc) ranked as cyber novices – meaning that they are not as well prepared for a cyberattack, based on the Hiscox Cyber Readiness model.
These are among the findings of a study of 6,042 companies across eight countries, commissioned by specialist insurer Hiscox.
Now in its fifth year, the Hiscox Cyber Readiness Report, surveyed a representative sample of organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and included 320 companies in Ireland.
Risks from inaction
“The results of this report are chilling. One of the big takeaways is the worrying range of financial impacts that cyberattacks can have on a business,” said Richard O’Dwyer, managing director at Hiscox Ireland.
“The risk of inaction is that the next attack could be enough to sink the business – particularly with the challenging times at present.
“Businesses in Ireland have enough on their plate at the moment, without having to deal with hackers and cybercriminals but we cannot ignore this unfortunate reality, it is unlikely the threat of cyberattacks will diminish any time soon.
“Cyber is a complex problem but that does not mean it is unmanageable – the key is to build cyber resilience. With good risk management and appropriate cyber insurance, firms can contain the impact of an attack and limit the damage – so that if the worst happens, they are covered financially and well prepared with a team of experts behind them.”
According to the Hiscox repor, 39pc of Irish companies suffered a cyberattack in the past 12 months, with 70pc of those companies targeted more than once.
The report warned of a gulf in perception on Covid-19 dangers. New questions asked in 2021, highlighted perception around Covid-19 and cybersecurity in Ireland. 44pc of respondents believe their organisation has been more vulnerable to cyberattacks since the start of the pandemic, with 59pc of those believing this is due to remote working. Interestingly, 54pc claim that their organisation has increased its cyber defenses because of the Covid-19 pandemic.
Cost of cyberattacks on businesses
The highest cost of a single incident or breach to a firm was €742,923, while the median cost was around €6,937.
According to the Hiscox report ransomware now commonplace. Around one in every six firms attacked (16pc) were targeted with ransomware and 75pc of those firms paid up, either to recover data or to prevent publication of sensitive information. The single largest ransom paid in Ireland was close to €40,000.
Phishing emails were the main way in for the extortionists (65pc), with smaller companies particularly likely to succumb. Other methods of entry included credential theft (reuse of staff username/password), third-party suppliers and unpatched corporate cloud servers.
To counter these threats there has been a jump in cyber security spending. On average, 21pc of Irish firms’ IT budget is allocated to cyber security, this figure is up from 13pc in 2020.
In addition to the report, Hiscox has launched two new online tools where firms can assess their preparedness and resilience at managing cyber attempts and attacks. The ‘Health Checker’ and ‘Maturity Model’ allow businesses and insurance brokers to quickly assess and gauge a firms’ strengths in six key cyber security areas. It is designed to be interactive, allowing businesses to check their cyber ‘readiness’ and compare their cyber maturity with their peers, draw on best practice in each area, and develop cyber resilience.
By John Kennedy (firstname.lastname@example.org)
Published: 19 April 2021