The Hiscox Cyber Readiness Report 2018 found that 73% of the businesses surveyed failed the cyber readiness test, with just 11% qualifying as ‘experts’. The survey questioned more than 4,100 organizations from the US, UK, Germany, Spain, and the Netherlands from a range of sectors about how prepared they are for cyber threats.
- Unsurprisingly, larger organizations (with more than 250 employees) were better prepared: 21% ranked as cyber experts, whereas only 7% of smaller companies (with fewer than 250 employees) ranked as experts
- Of those experts, 89% have a clearly defined strategy, 72% are prepared to make changes following a breach, and 97% incorporate security staff awareness training
- 53% of experts said they plan to spend more on employee awareness training, compared to only 29% of organizations that failed the cyber readiness test
- 45% of businesses surveyed confessed to suffering at least one cyber attack in the past year, with those in financial services, energy, and telecoms, and government entities being “prime targets”
- 66% of respondents named cyber threats as a top risk to their organization alongside fraud
Steve Langan, chief executive of Hiscox Insurance, said:
This report shines a light not only on the financial consequences of cyber incidents but also on the enormous investment being made to counter the threat. Importantly, it offers a picture of what best practice looks like. Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff.
Of the 1,000 US companies surveyed:
- 54% admitted that employee training has helped reduce the number of cybersecurity incidents
- 43% reported carrying out cybersecurity exercises to better understand their employees’ behavior
Dan Burke, vice president and cyber product head for Hiscox USA, said:
As threats become more advanced and sophisticated, cyber readiness is no longer a ‘nice to have’ but a ‘must have’ for businesses of all sizes. There needs to be a dedicated investment, and not just a financial one, in order to prevent, detect and mitigate cyber attacks.
Protect your organization
Although these findings are not surprising, it appears that not all organizations are investing in staff awareness training, which is a missed opportunity. With cybersecurity threats becoming more advanced and increasing in volume, organizations need to be more prepared than ever or risk the consequences.
No matter how prepared an organization thinks it is, its employees will always be a wildcard. A recent report from Kaspersky Lab found that negligent employees were responsible for 46% of cyber incidents in 2017. Don’t let your staff be your downfall.
Staff awareness training can also help to combat insider threats by making sure that staff who have access to sensitive data have the correct knowledge and understanding of information security, as well as being aware of the consequences and risks.