New report suggests number of big businesses forced to become ‘experts’ in cyber readiness has almost doubled since 2019

Immersive Labs

The proportion of businesses forced to qualify as experts in cyber readiness has risen from 10% to 18% since last year, according to the 2020 Hiscox Cyber Readiness Report.

The latest study by Hiscox in collaboration with research firm Forrester, surveyed a representative sample of organisations battling the risk of cybercrime across eight countries by sector and size. The countries involved were the UK, the US, Spain, the Netherlands, Germany, France, Belgium and Ireland. The research was carried out before the coronavirus pandemic struck.

Financial impact

Notably, the report suggests there has been a decline in the number of cyber incidents and breaches reported in the last year, dropping from 61% to 39%. However, according to the figures, the financial impact from cyber attacks has risen to a combined cost of $1.8 billion, which is a considerable jump from the previous year when the combined cost was $1.2 billion and the number of businesses reporting attacks was more than a third higher. 

“While the number of companies hit by cyber events fell, the frequency and severity for those affected showed a sharp increase,” the report states. “Though some of that is clearly down to the additional costs of ransomware, this is a trend that should concern everyone involved in cyber security.”

According to the findings, the most heavily targeted sectors were financial services, manufacturing and technology, and media and telecoms – with 44% of firms in each sector reporting at least one incident or breach. 

The financial impact varied enormously between countries, sectors and companies, but the figures suggest manufacturing and energy firms are seen as the most “lucrative targets” by cybercriminals  -with energy firms’ median losses rising from $10,000 in 2019, to $337,000 in 2020. The manufacturing industry’s losses rose from $12,000 to $100,000 and the financial sector went from $30,000 to $166,000. Firms in Ireland and Germany suffered the highest median losses.

The UK favoured badly in the results, suffering the highest total loss for one single company – an unnamed financial services firm – at $87.9 million. The UK also ranked top for the highest loss from one single event, costing a professional services firm $15.8 million.

Cyber readiness 

Interestingly, the study suggests that as a result of being ‘super targets’, these sectors ranked best against Hiscox’s cyber readiness model. At the top were Irish and US firms with 24% of companies qualifying as being “experts” in the cyber readiness model. Additionally, 89% of these firms were more likely to have a dedicated head of cyber security or a dedicated team. 

France also showed a dramatic increase in its proportion of experts this time round, with the number rising from 6% to 18% following an increase in firms’ spending on cybersecurity, lifting their cyber budgets from $2.1 million on average to $3.1 million. Spanish and US firms were close behind, at $2.6 million and $2.4 million.

Wharton, Cyber CEO at Hiscox said, “there is clear evidence of a step-change in cyber preparedness. This is apparent not only in the metrics that make up our cyber readiness model but also in the enhanced levels of activity and spending underway to meet the challenge.”


Unsurprisingly, however, the study shows that on the whole, spending more can buy you expertise. Firms ranking as experts spent on average $4.2 million on cyber security in the past year, compared with the average novice spend of $1.3 million. 

However, when questioned if spending equates with cyber readiness, the report says: “The answer is not clear cut. On the one hand, firms that spent double-digit percentages of their IT budget were less likely to have experienced an incident or breach than those spending less than 5%.”

“However, the big spenders, who were often larger firms, suffered higher average costs arising from breaches. Size brings more customers, higher notification costs and bigger ransoms,” it adds.


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.