News emerged in a new report last week that just 10% of European and US firms are “cyber ready”, despite surging attacks.
The study from insurer Hiscox — which spanned the UK, US, Germany, Belgium France, Spain, and the Netherlands — should be something of a wake-up call for IT and cybersecurity leaders. SMEs, in particular, are said to be in the firing line.
Although technical controls certainly play their part in helping to mitigate risk and improve preparedness, the report revealed that cultural changes and a more proactive approach to training are equally important. Perhaps it’s time for the security industry, in general, to take a more holistic approach to threat prevention that’s not so solution-centric.
Attacks soar in 2018
The percentage of firms classed as “experts” in cyber-readiness actually dropped from 11% last year. Yet the threats facing them have never been more pronounced: 61% reported an attack over the past year, up from less than half (45%) the year before. The figure rose even higher in France (67%) and Belgium (71%). The frequency of attacks has also increased, as has their cost: up 61% from $229,000 last year to $369,000 in this year’s report, with medium and large firms bearing most of the financial impact.
According to an FBI report also out last week, total losses from global complaints to the Bureau’s Internet Crime Complaint Center in 2018reached $2.7bn, with nearly half ($1.3bn) coming from Business Email Compromise attacks. Ransomware losses also surged, from $2.3m to $3.6m, although many more attacks go unreported.