Our sixth annual Hiscox Cyber Readiness Report highlights a post-pandemic world shaped by an increased awareness of cyber security risks and maps out a useful blueprint for cyber readiness best practice.
According to the latest Hiscox Cyber Readiness report, businesses increasingly view the cyber challenge as a dominant risk – in 2022, it’s ahead of the pandemic, economic downturn and skills shortages. This comes as the scale of the problem continues to grow.
The number of firms facing attacks has risen, and cyber attacks are becoming more severe. What’s more, small and mid-size businesses are bearing the brunt – firms with revenues of $100,000 to $500,000 now get as many attacks as those in the $1million to $9million bracket.
At the same time, IT spending is down for small businesses, leaving many exposed.
The Cyber Readiness Report provides a unique gauge of the state of commercial cyber security across eight markets – the UK, the US, Spain, the Netherlands, Germany, France, Belgium and Ireland.
In 2021, we reported that cybercrime had risen for the first time since 2018 as the amount firms were spending on cyber security soared. One year on, and attacks have intensified, but so too has recognition of the threat.
Download the report
Key findings from the 2022 Cyber Readiness Report
‘Attacks intensify’
The results from our 2022 report arrive as firms settle into a ‘new normal’ characterised by hybrid working and a big rise in attacks via cloud servers. Ransomware rates are also up, with 19% of the business leaders we surveyed reporting a ransomware attack.
There’s increased bottom-line pressure, too – but expertise is paying off. 64% of companies now have some level of cyber insurance coverage.
The 2022 Cyber Readiness Report finds that:
- Almost half of businesses face cyber attacks – 48% of those we surveyed had faced at least one attack
- Cyber attacks threaten livelihoods. One in five of those attacked said they risked insolvency because of a cyber incident
- Globally, cyber risk is a priority. Seven of the eight countries said a cyber attack was the number one threat to their business
- Costs are up. The median cost of a cyber attack is now almost $17,000
- Spending is rising. Businesses spent 60% more in the year to 2022 than in the previous year
- Expertise can form a defence. So-called ‘cyber novices’ find attacks set them back two and a half times more, as a percentage of revenue.
The report also finds an intriguing gulf between those who have suffered an attack and the businesses that have avoided one.
55% of the firms victim to an attack see cyber as a high-risk area, compared to 36% of those who didn’t report cyber incidents. However, hackers are broadening their attack pool in 2022 – so some small businesses may find they’re dealing with server or cloud-focused attacks for the first time.
The Cyber Threat Ranking Table
Tackling cybercrime: How prepared is your line of work?
Following a year that saw the cyber threat grow, it can help to understand your place in the cyber security landscape.
Our interactive table ranks the cyber security threats UK firms are facing according to sector and reveals just how equipped each industry is. It looks at the number and cost of cyber events alongside the strength of protection, sorting cyber superstars from the sectors playing catch-up.
The data comes from the UK arm of the Hiscox 2022 Cyber Readiness Report, which tells of increased cyber expertise alongside a threat magnetised by Covid-19. We’ve given each sector a ‘risk score’ based on how optimistic business leaders are about their ability to deal with future cyber attacks.
The Cyber Threat Ranking Table also looks at companies by business size, showing the scale of the challenge for smaller UK businesses. Whether you own a small business or work within the security department of a major corporation, this resource provides a quick way to gauge the threat you, and your peers, are facing.
| Industry | Percentage of IT budget spent on cyber security | The number of organisations that have experienced one attack or more | Companies with a cyber insurance policy | Does your organisation have a dedicated cyber role | Reviewing cyber insurance policies | Implementation of systems to detect unauthorised activity | Median financial cost of cyber events $ (last 12 months) | Risk Score |
|---|---|---|---|---|---|---|---|---|
| Professional services | 5 | 3 | 7 | 7 | 6 | 6 | 2 | 36 |
| Business services | 5 | 4 | 6 | 6 | 7 | 7 | 7 | 42 |
| Construction | 4 | 7 | 7 | 5 | 6 | 7 | 3 | 39 |
| Property | 6 | 2 | 7 | 6 | 7 | 7 | 3 | 38 |
| Energy | 4 | 3 | 4 | 4 | 7 | 6 | 8 | 36 |
| Financial services | 4 | 4 | 4 | 4 | 7 | 6 | 10 | 39 |
| Manufacturing | 6 | 7 | 5 | 4 | 6 | 7 | 6 | 41 |
| Pharma and Healthcare | 6 | 8 | 5 | 4 | 5 | 4 | 7 | 39 |
| Retail and Wholesale | 6 | 4 | 6 | 5 | 7 | 7 | 8 | 43 |
| Technology, Media & Telecommunications | 4 | 8 | 4 | 4 | 4 | 4 | 5 | 33 |
| Transport and Distribution | 4 | 5 | 5 | 5 | 5 | 5 | 6 | 35 |
| Travel and Leisure | 6 | 2 | 7 | 7 | 8 | 8 | 10 | 48 |
| Government/Non-profit | 7 | 5 | 5 | 4 | 3 | 4 | 7 | 35 |
| Food and Drink | 5 | 6 | 5 | 5 | 4 | 4 | 2 | 31 |
| Business size | Cyber budget (%) | The number of attacks an organisation has experienced (Median) | Cyber insurance policy (%) | Dedicated cyber role (%) | Cyber policy (%) | Cyber attack detection (%) | Median financial cost of cyber events $ (last 12 months) | Risk Score |
|---|---|---|---|---|---|---|---|---|
| 1-9 employees | 6 | 2 | 8 | 8 | 7 | 7 | 1 | 39 |
| 10-49 employees | 6 | 3 | 6 | 5 | 7 | 7 | 3 | 37 |
| 50-249 employees | 4 | 7 | 4 | 4 | 5 | 5 | 4 | 33 |
| 250-999 employees | 4 | 8 | 3 | 4 | 3 | 4 | 5 | 31 |
| 1000+ employees | 4 | 8 | 4 | 4 | 4 | 4 | 10 | 38 |
* Disclaimer: The property, energy, food and drink, travel and leisure sectors in the UK used sample sizes of less than 50, therefore the data for these sectors may not be representative.
How the Cyber Threat Ranking Table works
The Cyber Threat Ranking Table orders the threat by industry – the higher the total risk score, the more exposed your sector is, according to our statistics.
The data is taken from the UK arm of the Hiscox 2022 Cyber Readiness Report, which uncovered a two-pronged rise: security expertise is up, but so is the frequency of attacks.
As the table shows, these trends are not spread evenly – for some sectors, increased investment has been enough to counter threats, but others remain more exposed.
At Hiscox, we know every small business is unique. Consultants, graphic designers and builders can all face different cyber threats. Look at the column showing ‘cyber incidents’ to see how common these instances are in your line of work.
Some cyber attacks are far costlier than others and big breaches tend to target certain sectors. Explore the ‘median cost of cyber events’ column to see the median cost of events affecting your industry during the year to 2022.
The table illuminates key differences in cyber security investment, including security budgets, the number of roles dedicated to cyber, and investment in all-important cyber insurance.
What the Cyber Threat Ranking Table shows
The table shows the amount of money at stake can vary enormously between UK industries, with some sectors bearing the brunt of the trend towards increased financial impact.
This year, the travel and leisure sector has the highest risk score, with retail and wholesale second highest. For context, though travel and leisure was number one in terms of risk, it came from a small sample size for the sector.
Energy firms – the highest-risk group in 2021 – appear to have tightened their cyber security.
The table exposes big differences in terms of preparation through investment in cyber security, plus each sector’s readiness to adapt.
Retail and wholesale businesses and business services firms finish in the same positions as last year, suggesting little action on cyber security.
The sector with the lowest overall risk profile was food and drink.
The cost of cyber incidents was often significant in 2022 – median losses stood at $28,129*.
Attacks and losses represent just one aspect, however. Preparation measures also contribute to each sector’s table position.
The technology, media and telecommunications (TMT) sector dedicated the highest percentage of its IT budget to cyber security. More than a quarter (26%) of budgets in this industry went to cyber.
Personnel dedication was also highest in TMT. 92% of TMT firms employed a dedicated cyber specialist – way above the UK average of 78%.
Overall, the table shows a split between the well-equipped and the not-so-prepared. In the UK, 63% of businesses planned to purchase cyber insurance as part of their strategy.
*Data collected from a global study and all figures presented in US dollars.
Read more about what Hiscox can offer
Hiscox Cyber Insurance
There are a number of other ways you can boost your cyber readiness – learn about Hiscox cyber insurance and how it can help you feel more prepared for cyber threats to your business.
Hiscox CyberClear Academy (HCCA)
Hiscox CyberClear Academy is an online interactive suite of cyber security training modules and is available to Hiscox cyber and data insurance policy holders for free.
Hiscox CyberClear Insurance for Brokers
Are you an insurance broker or agent? View our broker resources to learn more about Hiscox CyberClear insurance, from policy coverage to the wider market appetite.