The Hiscox Cyber Readiness Report 2018

By ISBuzz Team
Writer, Information Security Buzz | Feb 14, 2018 03:00 pm PST

This is the second Hiscox Cyber Readiness Report, conducted by Forrester Consulting, and it has been expanded to cover more than 4,100 organisations, large and small, in both private and public sectors, across five countries – the UK, USA, Germany, The Netherlands and Spain. It puts the spotlight not only on the financial consequences of individual cyber breaches but also on the enormous cost in terms of investment made to counter the threat. Above all, it measures the cyber readiness of respondents using a multi-dimensional model built on best practice in cyber strategy and execution.

A few observations from the report:


UK

25% – Large UK organisations (more than 250 employees) rank among the most cyber-ready in the study. A quarter of them qualify as cyber security experts. The figure is topped only in the US (26%).

$20m – With the largest average IT budgets, UK firms top the table for spending on cyber security. However, the cost of breaches is still among the highest in the survey: for larger UK firms that were targeted in the past year, costs ran to $20 million, with an average of $463,000.


USA

30% – US organisations emerge as the most cyber-ready. Some 30% of US respondents rank either as cyber security experts or intermediates. Nearly half (45%) have a formal cyber security strategy and two-thirds (67%) consistently deploy antivirus or antispyware technologies.

53% – More than half (53%) of the US government entities in the survey report an attack in the past year. Among the larger US organisations that were targeted, the cost of cyber-attacks ran to $25 million with the average coming out at $578,000.


Germany

64% – German firms are most likely to involve the board in the strategy-setting process (64% do so), but only 38% have a formal cyber security strategy.

$5m – Among the smaller firms in the survey (up to 250 employees), German ones have been hit hardest by cybercrime, with an average cost of $55,000 over the past year. When it comes to individual incidents, German organisations also report the highest cost figures – ranging up to $5 million.

The Netherlands

82% – More than four in five (82%) Dutch organisations rank as cyber novices. Despite the fact that they are most likely to have suffered at least three cyber-attacks in the past 12 months (experienced by 47% of Dutch respondents), they come bottom of the table for both IT spend and for the proportion devoted to cyber security.

42% – Dutch firms lag in other areas too. For instance, they are least likely to provide cyber security training and awareness programmes across the workforce: only two in five (42%) do so.


Spain

11% – Spanish organisations devote the largest proportion of their IT budgets to cyber at 11%. Two-thirds of firms targeted (67%) made changes after an attack (compared with 53% across the five countries).

57% – They are the most heavily targeted, with 57% reporting one or more attacks in the past year. They are most likely to cite external attacks as the most common source of cyber incidents that have interrupted their business in the past 12 months (29% of them).

