Cyberattacks are bringing organizations close to bankruptcy: So what’s the answer?

Print Friendly, PDF & Email

A new report from global insurer Hiscox makes for sobering reading. It claims that as many as a fifth of firms from the U.S. and European countries have come close to insolvency due to cyberattacks in the past. For any business owner still unsure about the need for comprehensive cyber risk mitigation, here is the proof.

With both costs and attack volumes surging, a relatively small outlay on cybersecurity today could save considerable pain further down the road. But knowing where to focus that investment is key. This is where the Cyber Readiness Report offers some important insights.

What we know

Compiled from a survey of over 5,000 businesses in the UK, U.S., Spain, France, Germany, Belgium, the Netherlands, and Ireland, the Hiscox report offers a handy snapshot of the past year. It reveals that:

  • The volume of attacks is increasing: 48% of respondents said they suffered one in the past year, a 12% year-over-year increase.
  • The cost of attacks also rose by 29% to just under $17,000 per compromise on average.
  • Most businesses (62%) agree that they’ve become more vulnerable as a result of employees working from home.
  • Nearly a fifth (19%) of respondents reported a ransomware attack over the past year, up from 16% in 2020. Most (66%) paid the ransom.
  • Seven out of the eight countries surveyed ranked cyber as their number one business threat.
  • The top attack vectors were cloud servers (41%), email (40%), corporate servers (37%), and remote access servers (31%).

What it means

We shouldn’t be too surprised that attacks are costing organizations dearly. The latest report from IBM claimed that the average cost of a data breach is now over $4.2 million, a record high. Serious incidents don’t just result in obvious expenses like third-party forensics, IT overtime, and regulatory fines, but also potential legal costs, customer churn, and reputational damage. The report highlights other financial impacts that SMB owners may not immediately consider, including:

  • The cost of notifying customers of an incident
  • Greater difficulty attracting new customers
  • Loss of business partners

Organizations are also right to claim that remote working during the pandemic made them more vulnerable. Many were forced to invest in more cloud infrastructure during the pandemic, while staff working at home were arguably more likely to click on phishing links and engage in other risky behavior. Use of remote access infrastructure like remote desktop protocol (RDP) also increased and was exploited by threat actors. These trends align with the top attack vectors listed in the report.

Organizations need to respond by finding a better way of protecting against email-borne social engineering attacks and misconfigured and unpatched cloud and remote access infrastructure.

Reducing cyberattack risk, improving outcomes

It’s concerning that cyber readiness scores overall fell 2.6% year-over-year, according to the report. That meant a sharp decline in the number of firms ranked as “experts,” dropping from 20% to just 4.5%. The majority are now classed as “intermediate.”

It’s also worrying to note that, despite the headlines, many organizations are still not taking cyberattacks seriously enough. Although 87% of respondents said they think cyber is their number one threat to the corporate bottom line, and 55% said they saw it as a “high risk” area, the later figure dropped to 36% for those that hadn’t experienced an attack. It seems that unless directly exposed to a security breach, business leaders are happy to sit in blissful ignorance.

That’s a strategy doomed to fail eventually. So ,what does it take to become a cyber readiness “expert”? A few best practices will at least help to mitigate those major attack vectors, including:

  • Comprehensive email security including advanced phishing and impersonation protection
  • Security awareness training to help staff better spot social engineering attempts
  • Multifactor authentication on all sensitive cloud, RDP, and on-premises accounts
  • More streamlined cloud-ready remote access for staff, which offers an improvement on legacy VPNs
  • Incident response planning and regular testing
  • Continuous cloud monitoring and remediation to ensure compliance with security policy
  • Web application firewalls to mitigate the risk of vulnerability exploitation
  • Cloud-ready firewalls to block zero-day and other attacks
  • Regular backups including one copy offsite and offline
  • Cyber insurance. Although premiums are increasing, organizations with best practice security controls in place may be able to strike better deals and increased coverage

As the report shows, cyberattacks represent nothing short of an existential threat to many businesses. It’s time to devote the necessary time and resources to treat it as such.

E-book: Protect against all 13 email threat types

Scroll to top