A recent global report by Hiscox Insurance has found that 41% of Irish firms had experienced at least one cyber attack event in a six month period from September 2019 to February 2020. These are among the findings of a study of 5,569 companies across eight countries that was commissioned by insurer Hiscox, which includes Irish data for the first time.
The report revealed that 6.5% of Irish firms paid a ransom following a ransomware attack.
The total cost of cyber incidents and breaches among the 335 Irish companies in the Hiscox Insurance study group was over €113m, the second lowest total of the eight countries surveyed. Despite this, of the 125 Irish companies that suffered a cyber breach, Ireland also had the highest median cost (€91,860). One Irish company suffered total cyber losses of €17.8m, with the largest single event costing approximately €4.5m.
The most heavily targeted sectors were financial services, manufacturing and technology, media and telecoms with 44% of firms in each sector reporting at least one incident or breach.
The Hiscox Cyber Readiness Report, now in its fourth year, surveyed a representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland. Each firm was assessed on its cyber security strategy and execution, and ranked accordingly.
Irish companies are ahead for most cyber spending categories for the coming year, and by some margin, in enhancing disaster recovery capabilities, improving the security of customer-facing services and apps, and enhancing top management engagement in cyber policies and procedures.
Ireland also tops the table for the percentage of companies expressing confidence in their IT and security readiness (70% and 66% respectively). They are also most likely to have a standalone cyber insurance policy (38%).
Patrick Mettler, Head of Sales and Distribution for Hiscox Insurance Ireland said; “To have an Irish snapshot in the Hiscox global survey on Cyber Readiness gives us a great insight. It is shocking to see so many Irish companies suffering a cyber attack and likewise the number of businesses that have paid a ransom following a malware infection is chilling.
There is, however, one very positive message from this year’s report. There is clear evidence of a step-change in cyber preparedness, with enhanced levels of activity and spending. Take-up of standalone cyber insurance remains patchy, but this report is a reminder that firms are many times more likely to have a cyber incident than either a fire or a theft – for which most automatically insure.”
The global picture for Cyber Readiness is a lot more encouraging. While losses increased, the proportion of businesses targeted fell from 61% to 39%. Cyber losses among businesses targeted in the past year have risen nearly six-fold, from a median €8,900 per firm to €50,732. But there are signs that firms are responding with more rigorous security measures and higher spending, to combat the loss, which increased by 39%.
- 335 – number of companies surveyed in Ireland
- 41% of Irish Firms reported at least one cyber event in the last 6 months
- 6.5% or 22 firms paid a ransom following a ransomware attack
- The total cost of all cyber incidents and breaches among the 335 Irish companies was €96million
- The largest Cyber incident or breach reported cost the firm approximately €4.5 million
- Irish firms were ahead of the rest in terms of spending on Cyber protection
- On average, Irish businesses spent 13% of their IT budget on Cyber Security
- One quarter of firms (24%) ranked as Cyber readiness experts and are most likely to have either a dedicated head of cyber security or a dedicated team (89%)
- 38% of firms say they have specialist cyber insurance cover
- 18% of businesses responded with ‘don’t know’ when asked if they had experienced a Cyber event.
- 5% of businesses stated they do not back up their critical data.
Global Key insights;
- 5,569 professionals responsible for their organisation’s cyber security strategy were surveyed
- The number of firms affected by a cyber event this year fell considerably, from 61% to 39%
- Total cyber losses among the affected firms were $1.8 billion – up from $1.2 billion the previous year
- More than 6% of total respondents paid a ransom to an attacker. Their combined losses came to $381 million.
- Firms increased their cyber security spending by 39%. Expert firms spent more and plan to go on doing so
- 15% of businesses reported difficulty attracting new business, following a cyber crime incident
- Twice as many firms responded to a breach by adding new security and spending more on employee training