A unique gauge of cyber readiness
It is an old saying, but a true one: prevention is better than cure. In the age of e-commerce and the connected business, it has a particular ring to it. Robust defences against cyber intruders and strong processes for eliminating careless or rogue behaviour internally are now the keys to business continuity and consumer trust. Without investment in prevention, detection and training, firms leave themselves exposed to costly business interruptions and possible brand impairment.
But just how well prepared are most businesses? For the first time, we surveyed those at the sharp end of the battle against cyber crime – the executives, managers and IT specialists in charge of cyber security within their companies – to find out. We commissioned Forrester Consulting to survey more than 3,000 of these people in the US, UK and Germany, drawn from a representative sample of organisations by size and sector. As such, this report can be considered as one of the most authoritative of its kind.
The study also provides new perspectives on the scale of the challenge firms face in terms of frequency of attack, financial loss and the time it can take to get back to ‘business as usual’ following a cyber incident. The ripple effects from an attack can have a long lasting impact to reputation and client relationships that go well beyond the immediate financial cost.
Importantly, this report also offers a series of practical recommendations for those businesses that still have work to do when it comes to preparing for the cyber risk. Our Cyber Readiness Model, built on the responses from every company we surveyed, provides a unique gauge of cyber readiness across the three countries and a touchstone of best practice for others to follow. These recommendations focus in the main on strategy and process. They are not intended as a prescription for throwing more money at the problem but as a roadmap to better practice.
One part of the solution, adopted by an increasing number of organisations, is to transfer the cyber risk to an insurer. The report shows that while a large number of firms have already gone down this route, and many more are preparing to follow, the insurance industry still has a job to do in instilling trust in its policies, delivering clarity over what they cover and simplifying the way they are written.
At Hiscox our aim is to continue to play a constructive role in helping our clients understand and manage the cyber challenge. I hope this study serves as both an informative and useful guide for every business striving to reduce its exposure to cyber risk.
Chief Executive, Hiscox Insurance