The Hiscox Cyber Readiness Report 2018 found that 73% of the businesses surveyed failed the cyber readiness test, with just 11% qualifying as ‘experts’. The survey asked more than 4,100 organisations across a range of sectors in the US, UK, Germany, Spain, and the Netherlands how ready they are for cyber threats.
- Unsurprisingly, larger organisations (with more than 250 employees) were more prepared, with 21% ranked as cyber experts, whereas only 7% of smaller companies (with fewer than 250 employees) ranked as experts
- Of those experts, 89% have a clear strategy, 72% are prepared to make updates following a breach, and 97% include security staff awareness training
- 53% of experts said they plan to spend more on employee awareness training, compared to only 29% of organisations that failed the cyber readiness test
- 45% of businesses surveyed admitted to suffering at least one cyber attack in the past year, with financial services, energy, telecoms, and government organisations being “prime targets”
- 66% of respondents cited cyber threats as a top risk to their organisation alongside fraud
Steve Langan, chief executive of Hiscox Insurance, said:
“This report shines a light not only on the financial consequences of cyber incidents but also on the enormous investment being made to counter the threat. Importantly, it offers a picture of what best practice looks like. Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff.”
Of the 1,000 US companies surveyed:
- 54% said that employee training has helped reduce the number of cyber security incidents
- 43% admitted carrying out cyber security exercises to better understand their employees’ behaviour
Dan Burke, vice president and cyber product head for Hiscox USA, said:
“As threats become more advanced and sophisticated, cyber readiness is no longer a ‘nice to have’ but a ‘must have’ for businesses of all sizes. There needs to be a dedicated investment, and not just a financial one, in order to prevent, detect and mitigate cyber attacks.”
Protect your organisation
Although these findings are not unexpected, it appears that not all organisations are investing in staff awareness training, which is a missed opportunity. With cyber security threats becoming more sophisticated and increasing in volume, organisations need to be more prepared than ever or risk the consequences.
No matter how prepared an organisation thinks it is, its employees will always be a wildcard. A recent report from Kaspersky Lab found that inattentive employees were responsible for 46% of cyber incidents in 2017. Don’t let your staff be your downfall.
Staff awareness training can also help to combat insider threats by ensuring that staff who have access to sensitive data have the correct knowledge and understanding of information security, as well as being aware of the consequences and risks.