UK enterprises have seen a significant increase in cyber attacks in 2019, with 55 per cent reporting that they had faced an attack in 2019, up from 40 per cent last year. The figures, from an annual Cyber readiness report from insurer Hiscox, found that figure increased to more than three out of five firms (61 per cent) across the seven EU countries surveyed, up from 45 per cent in the 2018 report.
In spite of this rise, the percentages of companies that achieved top scores for their cyber security readiness was down across the board, and particularly poor for UK firms. Across all countries surveyed, only one in ten (10 per cent) companies achieved ‘expert’ cyber security readiness status in 2019, down from 11 per cent in 2018. Nearly three-quarters (74 per cent) ranked as unprepared ‘novices’. There was also a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
Dan Pitman, principal security architect at Alert Logic told SC Media that: "A significant jump in attacks lines up with the research seen by Alert Logic and other security organisations. With systems more interconnected and integrated than ever, and every organisation having at least one (usually many) web presences which offer up an attack vector, combined with attackers automating more than ever, this statistic is just going to keep going up each year; no surprise generally to those in the security community.
"What is more surprising, or at least disheartening, is the downturn in security maturity Hiscox has seen. No doubt tied to the UK being joint-least likely to have a defined cyber-security role on staff. It is critical that businesses have at least one person who is focused on driving improvements in cyber security and that that person is enabled to drive change in technology and business processes – overall could do better: C minus."
In more bad news for the UK, the report found that UK firms have the lowest cyber security budgets with less than $900,000 on average compared with an average across the study group of $1.46 million. Interestingly, UK business were not only the most likely to say they could clearly measure the business impact of cyber incidents, but also came in below average on the cost of cyber security incidents, at $243,000 compared with $369,000.
Felix Rosbach, product manager at comforte AG told SC Media that: "This isn’t just an issue in Great Britain, we’re seeing similar problems worldwide. You should never feel that you aren’t at risk. One of the biggest problems is that cybersecurity isn’t addressed properly at the board level in many organizations and therefore budgets are still very small.
"But even if you had an infinite budget and installed every solution available, that still wouldn’t guarantee you absolute security. Missing security combined with increasing impact of breaches creates substantial problems for organizations. Looking at those numbers we definitely see a trend: protecting data is becoming more important than preventing breaches."
A contributing factor has been new regulation, according to the report, with 84 per cent of Continental European firms stating that they have made changes following the advent of the General Data Protection Regulation (GDPR). The figure for UK firms was slightly lower, at a respectable 80 per cent.