40% of firms in the UK, US and Germany have taken out cyber-insurance
40% of firms in the UK, US and Germany have taken out cyber-insurance

More than half (53 percent) of businesses in the UK, US and Germany are ill-prepared to deal with cyber-attacks according to a new study from Hiscox.

The specialist insurer has released a report which assesses firms according to their readiness in strategy, resourcing, technology and process. The study surveyed 3000 executives, IT managers and other key professionals responsible for cyber-security decisions within their organisations from the three countries.

Less than a third (30 percent) of companies qualified as “expert” in their overall cyber-readiness.

UK firms are the least likely to have experienced a cyber-attack in the past year (45 percent), however 35 percent say they have changed nothing following a cyber-security incident.

Nearly half (49 percent) of the top-ranked companies or “cyber experts” are US-based. Larger US firms are also targeted more often than others with 72 percent experiencing an attack in the past 12 months and nearly half (47 percent) of all US firms experiencing two or more. Fifty-five percent claim they have cyber-insurance.

Only 43 percent of German companies believe their government is doing enough to protect them from cyber-attack (compared with 62 percent in the US and 48 percent in the UK). German firms are also the least likely to have cyber-insurance (30 percent).

Overall, 40 percent of firms say they have taken out cyber-insurance, a higher figure than generally quoted elsewhere.

In commentary to SC Media UK, Steven Malone, director of security product management at Mimecast said, “Whilst cyber-insurance can offer a safety net, the rapidly evolving threat landscape means that policies are continuously at risk of becoming outdated. Readiness is important but an active cyber-resilience stance means being prepared to deal with unknown attacks as they occur while maintaining business continuity.”

“It's crucial that businesses explore how their policies protect against email attacks such as CEO fraud and ransomware, alongside regular employee training to help spot today's threats.”

More than half (57 percent) of firms have experienced a cyber-attack in the past year and two in five (42 percent) have had to deal with two or more. Nearly half (46 percent) of businesses took two days or more to get back to business as usual.

Most cyber-security budgets (59 percent) are set to increase by five percent or more over the coming 12 months while one in five firms (21 percent) will lift spending by double-digits. Around a quarter of firms that experienced a cyber-attack responded by increasing their spending on prevention or detection technologies.

Twenty-nine percent of smaller businesses say nothing changed following a cyber-security incident compared to 20 percent of larger firms.

“By surveying those directly involved in the business battle against cyber-crime, this study provides new perspective on the challenges they face and the steps they are taking to protect themselves. But it also offers a series of practical recommendations for those businesses that still have work to do in tackling cyber-risk,” said Steve Langan, chief executive, Hiscox Insurance.