Though the proportion of firms reporting a cyber security event in the past 12 months is down this year from 61% to 39%, the financial impact is many times greater than before, according to an international survey commissioned by insurer Hiscox.
This year’s figures illustrate the price to be paid for an online presence today. The median cost to the 1,971 companies that suffered cyber incidents and breaches over the past 12 months was $57,000. That represents a near six-fold increase on the previous year’s $10,000. Totting up the cost of all cyber events reported by Hiscox's sample brings the combined cost to $1.8 billion. That compares with $1.2 billion in the previous year, when the number of businesses attacked was more than a third higher, said the study.
“While the number of firms reporting a breach is down, the cost and intensity of criminal activity in this area appear markedly higher. The numbers that have paid a ransom following a malware infection are chilling. Nobody should doubt the scale of the problem,” said Gareth Wharton, Cyber CEO, Hiscox.
The highest recorded cyber loss was $87.9 million from a financial services firm in the UK. More than 6% of total respondents paid a ransom. Their combined losses came to $381 million.
However, the positive signs are that twice as many firms responded to a breach by adding new security and spending more on employee training.
It was the bigger companies that paid the highest price for an online presence. This should be no surprise as they were also the most heavily targeted. Irish and German firms suffered the biggest median losses, but the pain was widely spread. Among firms that experienced attacks, the median losses for energy firms rose more than thirty-fold while several other sectors had to deal with losses many multiples of the previous year. The figures suggest cyber criminals increasingly see energy and manufacturing firms as lucrative targets.
There has been a shift in the hackers’ behaviour in the last six to 12 months as they focus more on industries such as energy and manufacturing. There are three reasons for this. Firstly, a reliance on automation (i.e. processes managed by computers). Secondly, low maturity in cyber resilience (e.g. poor back-ups, limited disaster recovery planning or testing). Finally, a low tolerance to what is often a high-impact outage. This offers rich pickings for ransomware attacks.
The figures drive home the importance of good detection and back-ups. Among firms reporting any form of cyber event, the USA and France had the largest percentage paying a ransom (18% compared with an average of 16%). The good news is that not all ransomware attacks were successful. Large numbers of firms reported recovering their data from a back-up or rebuilding it without resorting to paying a ransom (19% and 17% respectively).
The UK had the lowest number of breaches and the highest ratio of incidents to breaches, suggesting it is best at thwarting attacks. Germany recorded the largest combined losses, across incidents and breaches, of just under $400 million. In the USA, the percentage of IT budget spent on cyber increased by 61% and the median loss was below average at $50,000.