19 April 2021Analysis

German firms particularly vulnerable to cyber attacks: Hiscox Cyber Readiness report

German firms are particularly vulnerable to cyber attacks, according to the Hiscox Cyber Readiness report 2021.

In its fifth year, the Hiscox Cyber Readiness Report found that German firms accounted for more than a third of total losses across the entire study group at $48 million. The report surveyed 6,042 companies across the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland.

Hiscox unveiled a new cyber readiness model to gauge firms’ strengths in six key cyber security areas across people, process and technology. It is designed to be interactive, allowing businesses to check and compare their cyber maturity with their peers, draw on best practice in each area, and develop cyber resilience.

One in five (20 percent) were classified as ‘expert’ while more than a quarter (27 percent) were classed as novices.

Firms that qualified as experts in Hiscox’s cyber readiness model suffered fewer ransomware attacks, were less likely to pay up and recovered more quickly. The US had the highest proportion of cyber experts (25 percent) and one of the lowest median costs of attacks. The UK ranked second, with 23 percent of firms ranked as experts.

The report showed that the overall proportion of businesses targeted by cyber criminals in the past year increased to 43 percent from 38 percent. Over a quarter of those targeted (28 percent) experienced five attacks or more, while one in six businesses attacked (17 percent) said the financial impact of cyber attacks materially threatened their future.

Mean spending per business on cyber security has more than doubled in the last two years, the report found. However, adoption of standalone cyber cover increased only 1 percent over the course of the year, to 27 percent. Take-up was highest among large companies and those ranked as experts.

The report exposed the range and unpredictability of cyber attack costs. For the smallest firms, with under ten employees, the median cost of cyber attacks was $8,000, but 5 percent of those attacked suffered costs of $300,000 or more. Larger firms experienced a similar range in outcomes.

Around one in every six firms attacked (16 percent) was targeted with ransomware, with 58 percent of them paying up, with even more (71 percent) paying the ransom in the US. The costs of recovery from a ransomware attack were often almost as high as the ransom paid, making up an average 45 percent of overall cost.

The average firm now devotes around 21 percent of its IT budget to cyber security- an increase of 63 percent in a year. Mean spending per firm on cyber has more than doubled in two years – from $1.45 million to $3.25 million.

Less than half (47 percent) of firms said they had become more vulnerable to cyber attack since the onset of the pandemic, though two-thirds of large and enterprise firms (67 percent and 68 percent respectively) said they had reinforced their cyber defences to deal with home-working. Only 35 percent of firms with under ten employees have made such an investment.

Gareth Wharton, Hiscox cyber chief executive officer, said: “Cyber is a complex problem but that does not mean it is unmanageable. With good risk management and appropriate cyber insurance, firms can contain the impact of an attack and limit the damage.”