Security IT Summit | Forum Events Ltd

Posts Tagged :

Hiscox

Cyber attacks rise as readiness levels fall

Stuart O'Brien

A sharp increase in the number and cost of cyber attacks is the key finding in a study of more than 5,400 organisations across seven countries, commissioned by insurer Hiscox.

More than three out of five firms (61 per cent) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.

The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands.

Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10 per cent achieved high enough marks in both areas to qualify as cyber security ‘experts.’

Among the key findings:

  •    Cyber attacks reach a new intensity: More than three in every five firms (61 per cent) experienced a cyber incident in the past year, up from 45 per cent in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.
  •    More small and medium-sized firms attacked this year: While larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (defined as those with less than 50 employees) reporting an incident is up from 33 per cent to 47 per cent. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36 per cent to 63 per cent.
  •    Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61 per cent. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.
  •    More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10 per cent) achieved ‘expert’ status this year, slightly down from 11 per cent in 2018. Nearly three-quarters (74 per cent) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
  •    Cyber security spending up by a quarter: The average spend on cyber security is now $1.45 million, up 24 per cent on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67 per cent) plan to increase their cyber security budgets by 5% or more in the year ahead.

Gareth Wharton, Hiscox Cyber CEO, said: “This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyber attacks in the past 12 months. Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. 

“The cyber threat has become the unavoidable cost of doing business today.  

“The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”

The study also shows:

  •    Wide disparity in readiness scores: Overall, US, German and Belgian firms score highest on the cyber readiness model, while more than four-fifths of French firms (81 per cent) are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9 per cent.
  •    Cost figures skewed by large incidents: Among firms that were targeted by hackers, there has been a sharp rise in the cost of the biggest single incident reported in the past year. The mean cost has jumped from $34,000 to a fraction under $200,000. 
  •    Supply chain incidents now commonplace: Nearly two-thirds of firms (65 per cent) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. The majority of firms (54 per cent) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.
  •    Reasons to be optimistic: The proportion of firms with no defined role for cyber security has halved in the past year – from 32 per cent to 16 per cent – and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47 per cent to 32 per cent). New regulation has also prompted action, with 84 per cent of Continental European firms saying they have made changes following the advent of the General Data Protection Regulation (GDPR). The figure for UK firms is 80 per cent.
  •    Rising uptake of cyber insurance: More than two out of five firms (41 per cent) say they have taken out cyber cover in the past year (up from 33 per cent in 2018). A further 30 per cent plan to, but only 27 per cent of small firms.

The full report can be accessed here: https://www.hiscox.co.uk/cyberreadiness

Hiscox reveals results of staged ‘real world’ Brompton cyber attack

Stuart O'Brien

Hiscox recently collaborated with iconic bike manufacturer Brompton to stage a ‘real world’ cyber attack, simulating the effects by constructing a complete clone of Brompton Bicycle’s east London store overnight, hiring ‘staff’ and stocking shelves with counterfeit merchandise.

The fake store, called ‘3rompton,’ opened its doors to the public on the opposite side of the road and subsequently launched a series of cyber attack simulations on the genuine Brompton store in Shoreditch, with reactions of staff and passers-by captured on video (https://www.youtube.com/watch?v=Y1b8865GOHU&feature=youtu.be).

Common hacking techniques such as ransomware and phishing were brought to life through a series of simulated offline attacks: the real store was boarded up, displaying a ransom note demanding Bitcoin in exchange for re-entry; genuine stock deliveries were diverted to the fake ‘3rompton’ store, highlighting the potential effects of a phishing scam; finally, the real Brompton store was flooded with imitation customers overwhelming staff, simulating a distributed denial-of-service (DDoS) attack.

According to the insurer, one in three (33%) UK small businesses have suffered a cyber breach and this simulation is the latest initiative in its cyber awareness campaign, set up to highlight this risk.

The firm says cyber security incidents cost the average small business £25,700 a year in direct costs (e.g. the costs of IT experts in response to the incident, lost revenue and replacement systems), but this is just the beginning. Indirect costs, such as damage to reputation, the impact of losing customers and difficulty attracting future customers, mean the true figure can be significantly higher.

Robert Hannigan, former Director of GCHQ and Special Advisor to Hiscox, said: “Cyber crime is one of the biggest security risks facing businesses today but many aren’t taking it seriously and many more are underprepared. It’s a less tangible risk than burglary or a fire which can make it hard for businesses to grasp, so bringing cyber crime to life with an exercise like this is a useful way of conveying an important message. 

“The hacking techniques being simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cyber crime continue to emerge, which makes staying on top of cyber security an ever-evolving challenge.”

Will Butler-Adams, CEO Brompton Bicycle, added: “Our business is about our bike; the design, function and support we give to our customers over the life of the product. We have spent forty years developing the Brompton brand and continue to take risks to innovate and improve the design. When people copy us, with little understanding of the engineering and care behind the design, they are trying to fool our customers who may go on to buy a potentially dangerous product. We wanted to work with Hiscox to highlight these risks, as it is a serious issue and is not limited to the product but also to online cyber fraud, spam emails and viruses, that hurt businesses and their customers alike.”