Insurer Hiscox’s Cyber Readiness Report 2020 surveyed 5,569 cyber security professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland. Key findings include:
- While the number of companies reporting a cyber event was down over the last year (39 percent, down from 61 percent in the 2019 survey), the cost per breach has increased nearly 6x to a median of $57,000. The median cost per breach for large enterprises (more than 1,000 employees) was $504,000.
- 16 percent of firms attacked reported paying a ransom following a ransomware attack. 6 percent of all firms in the survey reported paying a ransom.
- Companies are responding to the increased threat by raising cyber security budgets, which have grown to 12.9 percent of total IT spend, up from 9.9 percent last year. For US respondents, the increase was even more dramatic, rising from 9 percent of IT spend in 2019 to 14 percent in 2020.
- 40 percent of companies plan to invest more in employee awareness training, up from 34 percent in 2018. In contrast, the percentage of respondents who plan to increase spend on new cyber security technology fell from 57 percent to 46 percent over the same time period.
There is no doubt that the threat environment has grown increasingly complex since COVID‑19. However, Hiscox details some bright spots. Spend on cybersecurity is rising as a share of the overall IT budget at the same time that IT budgets are rising as a share of overall corporate budgets, which indicates that management teams are taking the cyber threat more seriously.
In addition, the increasing spend on employee awareness training is positive. Cyberhedge assessments of individual companies consistently indicate that an investment in people as part of a robust system of policies and processes can be the difference between good and bad cyber governance. For most companies, increasing spend in this area provides better results than increasing spend on ‘new cybersecurity technology’, especially considering that most companies do not properly configure the technology they already have.
And while the Hiscox survey reports that a higher percentage of companies still plan to increase spend on ‘new cybersecurity technology’ (46 percent of respondents) than plan to increase spend on employee awareness training (40 percent), the differential is trending in the right direction: two years ago, 57 percent planned to increase spend on technology, while only 34 percent planned increased spend on employee training.