Countering the cyber threat
Cyber security poses a challenge unlike any other. Businesses large and small, both public and private, face an enemy that is unseen and largely unknown, has seemingly shape-shifting powers and appears utterly unrelenting. Each year brings a renewal of the contest but in a subtly different form. This is an enemy that can be confronted but never quite defeated.
If anyone still harboured doubts about the severity of the threat, the events of the past year should have dispelled them. From the WannaCry ransomware attack to the hacking of one of the world’s largest credit agencies, 2017 produced numerous reminders that operating in a connected world has fearsome perils. The cost of these attacks has undoubtedly run into the billions.
It is an old adage that you should hope for the best but plan for the worst. That is certainly true when it comes to battling cyber crime. In today’s world, there is no alternative to investing in sophisticated prevention and detection systems and supporting them with the people and processes that will make them effective. This study not only reinforces that message but it provides a detailed picture of what cyber readiness really looks like.
This is the second Hiscox Cyber Readiness Report, conducted by Forrester Consulting, and it has been expanded to cover more than 4,100 organisations, large and small, in both private and public sectors, across five countries – the UK, USA, Germany, The Netherlands and Spain.
It puts the spotlight not only on the financial consequences of individual cyber breaches but also on the enormous cost in terms of investment made to counter the threat. Above all, it measures the cyber readiness of respondents using a multi-dimensional model built on best practice in cyber strategy and execution.
As an end of term report, it might have the words ‘can do better’ scrawled on it in red ink. It highlights the cyber readiness shortcomings of the majority of the organisations in our sample, particularly the smaller ones.
On the plus side, however, it offers valuable insights into how firms can up their game and strengthen their defences. Often the answer is not ‘more technology’ but proactive thinking, more rigorous processes and better trained staff.
Hopefully, this report will provide a spur to further action. It is certainly timely. As the following pages show, if an organisation was spared a serious attack in 2017, there is a good chance it will be targeted in the future. The resultant economic loss is only part of the story; the potential harm to a firm’s reputation and its standing with customers can be significantly more damaging.
For an increasing number of organisations, a key part of the solution is to transfer some or all of the risk to an insurer. Hiscox is a specialist provider of cyber and data risk insurance, providing standalone cover to more than 20,000 firms, big and small, around the world under the CyberClear brand. For many of those customers, peace of mind is matched by the knowledge that they can turn to us to help them get back up and running after a serious incident.
As an indication of how seriously we take the issue of customer support in this area, we have just launched a cyber academy, which is designed to aid cyber risk awareness among our customers and improve their ability to detect and respond to cyber threats.
At Hiscox, we will continue to expand our services in cyber and play our part in helping mitigate the impact of cyber crime on our customers. We hope that in aiding understanding of the issues involved, and highlighting cyber readiness best practice, this report contributes to that process.