UK businesses were among those worst hit financially by the fallout from cyber attacks during 2020, according to research from insurance provider Hiscox.
The firm’s annual Cyber readiness report highlights the vertical markets across the UK, the US, Spain, Germany, France, Belgium, Ireland and the Netherlands that are considered highest risk of falling victim to cyber attacks.
The research shows that the number of firms that suffered a cyber security incident fell from 61% in 2019 to 39% in 2020, but the financial impact of those incidents has risen markedly.
“The median cost to the 1,971 companies that suffered cyber incidents and breaches over the past 12 months was $57,000,” said the Hiscox report. “That represents a near six-fold increase on the previous year’s $10,000.
“Totting up the cost of all cyber events reported by our sample brings the combined cost to $1.8bn. That compares with $1.2bn in the previous year, when the number of businesses attacked was more than a third higher.”
The research also revealed that some of the biggest financial losses incurred by cyber attacks during 2020 involved UK-based firms, with one financial services outfit incurring total annual losses of $87.9m after suffering a series of incidents.
The UK is also the location of the single most costly cyber incident, said Hiscox, with a professional services company suffering a loss of $15.8m.
Within the UK market, the government and non-profit sector was among those flagged as being at particularly high risk of cyber attacks, with organisations operating in this vertical suffering an average loss of $25,000 in 2020 as a direct result of being targeted.
At the same time, the Hiscox data shows that just 44% of firms operating in this sector had a cyber insurance policy in place, and the average budget they allocated to cyber security protection was 10% lower than the UK average.
“Out of the 15 sectors included in the analysis, government organisations and non-profits were the least likely to be able to measure the impact of a cyber incident, despite 70% of organisations having a dedicated cyber security role,” said Hiscox in a statement.
Stephen Ridley, UK cyber underwriting manager at Hiscox, said the results were particularly concerning given how other vertical markets often looked to the government sector in particular to set the standard for how cyber security matters should be handled.
“UK businesses look to the government and the non-profit sector to deliver world-class cyber strategies and secure technologies, therefore the continued improvement of standards is always necessary,” said Ridley.
“The high risk score associated with the sector highlights the need to implement stronger capabilities to detect and measure cyber threats, in order to contain sophisticated attacks and hacking events. Government organisations in particular are vulnerable to high levels of threat, and the data identifies the areas where risk mitigation needs to be stronger.”