A study of more than 4,000 organisations across five countries, commissioned by specialist insurer Hiscox, reveals major shortcomings in cyber security readiness at nearly three-quarters (73%) of firms.
The Hiscox Cyber Readiness Report 2018 surveyed a representative sample of private and public sector organisations in the UK, US, Germany, Spain and the Netherlands. It assessed each organisation according to its cyber security strategy and the quality of its execution – and ranked them accordingly. Only 11% scored highly enough in both areas to qualify as cyber security ‘experts’. One in six firms (16%) achieved expert status in either strategy or execution, but not both.
Larger organisations lead the way
Larger organisations in the study (those with 250-plus employees) are better prepared. One in five (21%) rank as cyber security experts and a further 17% pass the expert test in either strategy or execution. Just 7% of smaller organisations (250 or fewer employees) make the grade as experts.
You get what you pay for
The average organisation in the report spends $11.2m a year on IT and devotes 10.5% of it to cyber security. However, the organisations that rank as cyber experts spend twice as much on IT as those that failed the test ($19.8m on average versus $9.9m) and devote a higher proportion to cyber security (12.6% versus 9.9%). Smaller firms lack resources, directing on average 9.8% of their IT budget to cyber security compared with 12.2% for larger organisations.
Spending set to rise
Nearly three out of five respondents (59%) plan to increase their cyber security budgets in the year ahead. New technology tops the shopping list despite this being the area where the bulk of firms appear best prepared. The experts lead the way: for example, more than half (55%) plan to increase spending on awareness training compared with only 29% of organisations that failed the cyber readiness test.
Evens chance of being targeted
Almost half (45%) of the organisations surveyed report at least one cyber attack in the past year. Two-thirds of those targeted suffered two or more attacks. Financial services, energy, telecoms and government entities were the prime targets.
Steve Langan, Chief Executive of Hiscox Insurance Company, commented: “This report shines a light not only on the financial consequences of cyber incidents but also on the enormous investment being made to counter the threat. Importantly, it offers a picture of what best practice looks like. Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff. We hope it will serve as a roadmap for all those organisations that still have some way to go.”