This is the second Hiscox Cyber Readiness Report, conducted by Forrester Consulting, and it has been expanded to cover more than 4,100 organisations, large and small, in both private and public sectors, across five countries – the UK, USA, Germany, The Netherlands and Spain. It puts the spotlight not only on the financial consequences of individual cyber breaches but also on the enormous cost in terms of investment made to counter the threat. Above all, it measures the cyber readiness of respondents using a multi-dimensional model built on best practice in cyber strategy and execution.
A few observations from the report:
UK
25% Large UK organisations (more than 250 employees) rank among the most cyber-ready in the study. A quarter of them qualify as cyber security experts. The figure is topped only in the US (26%).
$20m – With the largest average IT budgets, UK firms top the table for spending on cyber security. However, the cost of breaches is still among the highest in the survey: for larger UK firms that were targeted in the past year, costs ran to $20 million, with an average of $463,000.
US
30% – US organisations emerge as the most cyber-ready. Some 30% of US respondents rank either as cyber security experts or intermediates. Nearly half (45%) have a formal cyber security strategy and two-thirds (67%) consistently deploy antivirus or antispyware technologies.
53% – More than half (53%) of the US government entities in the survey report an attack in the past year. Among the larger US organisations that were targeted, the cost of cyber-attacks ran to $25 million with the average coming out at $578,000.
Germany
64% – German firms are most likely to involve the board in the strategy-setting process (64%, do so), but only 38% have a formal cyber security strategy.
$5m – Among the smaller firms in the survey (up to 250 employees), German ones have been hit hardest by cybercrime, with an average cost of $55,000 over the past year. When it comes to individual incidents, German organisations also report the highest cost figures – ranging up to $5 million.
The Netherlands
82% – More than four in five (82%) Dutch organisations rank as cyber novices. Despite the fact that they are most likely to have suffered at least three cyber-attacks in the past 12 months (experienced by 47% of Dutch respondents), they come bottom of the table for both IT spend and for the proportion devoted to cyber security.
42% – Dutch firms lag in other areas too. For instance, they are least likely to provide cyber security training and awareness programmes across the workforce: only two in five (42%) do so.
Spain
11% – Spanish organisations devote the largest proportion of their IT budgets to cyber at 11%. Two-thirds of firms targeted(67%) made changes after an attack (compared with 53% across the five countries).
57% – They are the most heavily targeted, with 57% reporting one or more attacks in the past year. They are most likely to cite external attacks as the most common source of cyber incidents that have interrupted their business in the past 12 months (29% of them).
You can DOWNLOAD THE REPORT HERE: https://www.hiscox.co.uk/cyberreadiness
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.