More than One in 10 Firms Losing Over $10M Due to Cyberattacks

Source: Willis Towers Watson | Published on July 11, 2019

Online internet secure payment and network safe communication and banking concept. Person pay in web via computer. Locks and padlocks on diagram.

Annual losses from cyberattacks averaged $4.7 million in the last fiscal year — with more than one in 10 firms losing over $10 million —according to a new report from The Cybersecurity Imperative, a global thought leadership program produced by independent researcher ESI ThoughtLab in conjunction with Willis Towers Watson  and other organizations specialized in cybersecurity and risk management.

The study covered 467 firms across multiple industries in 17 countries revealing that companies worldwide expect to boost their cybersecurity investments by 34% in the next fiscal year, after raising them by 17% the previous year. About 12% of companies surveyed plan to bolster their cybersecurity investments by over 50%. Additionally, since last year, the percentage of companies seeing a significant impact from cybercriminal activities — such as installation of ransomware — has soared, from 57% to 71%.

Peter Foster, chairman, Willis Towers Watson Global FINEX Cyber and Cyber Risk Solutions, said, “It is clear from the findings that companies are experiencing escalating impacts this year from key adversaries, including cybercriminals, malicious insiders and state-sponsored hackers, often from jurisdictions beyond the reach of local law. Establishing a continuous assessment through an integrated risk approach to cyber is critical for mitigating this ever-growing risk.”

The research shows that to combat evolving risks, companies need to take a proactive, multilayered defense. Firms are responding by allocating the biggest share of their budgets to technology, while seeking the right balance between investments in people and process. They are also focusing more on risk identification to address emerging vulnerabilities and are investing more in resilience to ensure they can respond quickly to successful attacks.

Other calls to action from the study include:

Make sure you are investing enough in cybersecurity. Some industries, such as media and consumer markets, are allocating less and may be more exposed to cyber risks.

Think of cybersecurity like any other existential threat to your business. The risks are not just about privacy, liability and stealing data; huge operational risks can also occur if business is interrupted, with reputational impacts that can hurt market positions.

Pay attention to risks from partners and your supply chain. As firms draw on ecosystems of third parties to drive digital transformation, they increase their vulnerabilities to cyber risks.

Be aware that legal and regulatory risks are also rising substantially. Companies that do not comply with new standards face hefty penalties and legal consequences.

Measure your full losses, costs and returns. When hit by a successful cyberattack, you need to understand all your costs — direct and indirect, tangible and intangible.

The survey was carried out in the spring of 2019 as part of a global research initiative titled The Cybersecurity Imperative. The current survey is a follow-up to a more comprehensive survey of 1,300 companies conducted in the fall of 2018.

For more insights on perceived threats, cybersecurity maturity and investment, the full report may be downloaded here.