Hiscox®, the international specialist insurer, reveals that US businesses’ cyber security spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails.
The annual Hiscox Cyber Readiness Report™, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 6,000 professionals responsible for their company’s cyber security from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland. Key findings specific to the more than 1,000 US professionals surveyed include:
- The US is an easy target for ransomware criminals: Out of the countries surveyed, US businesses are the most likely to pay a cyber ransom, with 71% of those targeted paying up. The companies that succumbed to the demands paid an average of $17,959 in ransoms over a 12-month period.
- Phishing emails should not be underestimated: The most common method of entry for ransomware in the US is phishing emails (60%).
- Websites are not just an important touchpoint for honest customers: US businesses report the most experiences of cyber criminals attacking their websites as the first point of entry (e.g. via DDoS) at 34%.
- Cyber attacks impact the bottom line and the brand: Eighty-eight percent of US businesses experienced a negative financial impact from DDoS or ransomware attacks. The mean financial impact on revenues was -43%. Furthermore, 72% of US businesses agree that they will damage their brand if client and partner data is not handled securely.
- US firms start strong, but often fall at the final hurdle: US firms lead globally, with the most firms classified as cyber experts at 25%, followed by the UK at 23%. However, UK firms were the most likely (13%) to have defended against or remediated all cyber attacks before they resulted in outcomes such as bad publicity or losing business partners, and US firms were the least likely (6%).
- Cyber insurance is much more than just financial protection: US firms continue to lead in insurance purchasing and are most likely to have standalone coverage (33%). More than just financial protection, 53% of US businesses plan to use the employee training offered by their insurance provider.
- Cyber security spending has increased: Mean cyber security spending has risen from $2.4 million per US firm last year to $2.6 million this year.
- The pandemic has increased vulnerability to digital viruses: Since the start of the coronavirus pandemic, 49% of US businesses overall believe they are more vulnerable to cyber attacks. When more employees are working from home, 62% of US businesses believe they are more vulnerable.
“The world of work has changed forever. Managing cyber security in one office location has morphed into managing cyber security in huge numbers of workspaces across the country, almost overnight. The pandemic-induced chaos has bred opportunities for cyber criminals, and they’ve been taking advantage,” said Meghan Hannes, Cyber Product Head for Hiscox in the US. “US businesses have come a long way when it comes to cyber expertise, but we cannot stand still. Cyber criminals are voracious in adapting and mutating their digital viruses, and continuous education and proactive security serve as our digital face masks.”