Many businesses struggle to survive following a cyberattack and data breach. According to a recent report from the Anglo-Bermudan insurance provider, Hiscox, one-fifth of businesses that suffered a serious cyberattack in the past 12 months nearly went insolvent as a result – 24% more than last year. It can take years of hard work to build a business, only for a mistake by an employee or an unpatched vulnerability to undo all that hard work and bring the business to its knees, potentially even causing the business to permanently close its doors.
The report was based on a poll of more than 5,000 businesses in Europe and the United States. 48% of respondents said they had suffered a cyberattack in the previous 12 months – 12% more than the previous year. The move to hybrid working has not helped businesses with security, with 62% of polled businesses believing having large numbers of employees working from home has made it harder to prevent cyberattacks, although that percentage is lower than the previous year (69%) which suggests that companies are getting to grips with securing the infrastructure that supports a largely remote workforce.
87% of businesses said they thought a cyberattack posed a bigger threat to their business than an economic downturn, and 55% of businesses that had experienced a cyberattack said they viewed cyberattacks as the biggest threat to the business. Interestingly, only 36% of businesses that had not experienced a cyberattack in the past 12 months thought the same way.
The average cost of a cyberattack has increased by 29% since last year, with the median cost of a cyberattack now $17,000. Given the increasing costs of cyberattacks and the frequency with which they are occurring, it is reassuring that cybersecurity budgets have increased. On average, cybersecurity budgets have increased by 60% compared to last year.
Hiscox Cyber CEO, Gareth Wharton, said the main attack vector is still phishing, so it is vital for companies to invest in defenses against this attack vector and to provide security awareness training to the workforce. Email security solutions will prevent the majority of threats from reaching inboxes, but malicious emails will make it past those technical defenses so employees need to be trained on how to recognize and avoid threats. It is also important to ensure that the business cloud environments set up to support a hybrid/remote workforce are properly secured, as cyber threat actors are targeting vulnerable cloud servers and the hybrid business model is here to stay.