istock-531422566_mattjeacock-1
iStock/ Mattjeacock
6 February 2018Insurance

Seven out of ten organisations fail cyber security test

Seven out of ten organisations fail cyber security readiness test, according to a recent study commissioned by specialist insurer Hiscox, suggesting major shortcomings.

The Hiscox Cyber Readiness Report 2018 surveyed a representative sample of private and public sector organisations in the UK, US, Germany, Spain and the Netherlands. It assessed each organisation according to their cyber security strategy and the quality of its execution – and ranked them accordingly.

The study of more than 4,000 organisations revealed that only 11 percent scored highly enough in both cyber security strategy and the quality of its execution to qualify as cyber security ‘experts’. One in six firms (16 percent) achieved expert status in either strategy or execution, but not both.

According to the study, larger organisations (those with 250-plus employees) are better prepared. One in five (21 percent) rank as cyber security experts and a further 17 percent pass the expert test in either strategy or execution. Just 7 percent of smaller organisations (250 or fewer employees) make the grade as experts.

The average organisation in the report spends $11.2 million a year on IT and devotes 10.5 percent of it to cyber security. However, the organisations that rank as cyber experts spend twice as much on IT as those that failed the test ($19.8 million on average versus $9.9 million) and devote a higher proportion to cyber security (12.6 percent versus 9.9 percent). Smaller firms lack resources, directing on average 9.8 percent of their IT budget to cyber security compared with 12.2 percent for larger organisations.

Nearly three out of five respondents (59 percent) plan to increase their cyber security budgets in the year ahead. New technology tops the shopping list despite this being the area where the bulk of firms appear best prepared. The experts lead the way: for example, more than half (55 percent) plan to increase spending on awareness training compared with only 29 percent of organisations that failed the cyber readiness test.

Almost half (45 percent) of the organisations surveyed report at least one cyber attack in the past year. Two-thirds of those targeted suffered two or more attacks. Financial services, energy, telecoms and government entities were the prime targets.

Among organisations that were targeted in the past year, the average cost of all incidents was $229,000. For organisations with 1,000-plus employees, the average costs ranged between $356,000 in Spain and $1.05 million in the US. Individual organisations faced still higher costs – up to $20 million in the UK and Germany and $25 million in the US.

“This report shines a light not only on the financial consequences of cyber incidents but also on the enormous investment being made to counter the threat,” said Steve Langan, chief executive of Hiscox Insurance Company. “Importantly, it offers a picture of what best practice looks like. Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff. We hope it will serve as a roadmap for all those organisations that still have some way to go.”

Join us at Intelligent Automation in Insurance - London 2018.  Book by Feb 28th and you could save £300.

More of today's news

Munich Re reports strong growth at January renewals

Enstar buys KaylaRe in $400m deal

Chubb appoints new chief claims officer

Strong Q4 props Everest Re’s 2017 results

Assured Guaranty strikes $13.5bn reinsurance deal with Syncora

Lloyd’s elects trio to bolster franchise board

Don't miss our insurtech email newsletter - sign up today

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk


More on this story

Insurance
16 February 2018   Despite seeing cybersecurity as a top risk management priority, a survey finds out that only few senior executives believe in their organization’s ability to mitigate and respond to a cyber event.
Insurance
5 February 2018   Organisations are facing an increased threat to their operations from fraudulent instruction scams, according to claims data recorded by cyber specialised insurer Beazley.
Insurance
31 January 2018   The rapid growth of cyber threats has created challenges for the insurance industry in developing underwriting talent, acquiring claims data, establishing modelling techniques and securing reinsurance capacity, according to the International Underwriting Association of London (IUA).