The Hiscox Cyber Readiness Report 2020

The Hiscox Cyber Readiness Report 2020

Meeting the cyber challenge head-on

Our fourth Hiscox Cyber Readiness Report provides a thorough view of the techniques organisations are using to shield against cyber threats in 2020, as well as outlining a blueprint for cyber readiness best practice.

The report shows cybercrime is on the rise – and so is the threat to business. Cyber losses have risen nearly six-fold worldwide in the past year, according to the 2020 Cyber Readiness Report – our annual study of international cyber readiness.

The Cyber Readiness Report, now in its fourth year, shines a light on how prepared the commercial world is to face cyber threats. The report now surveys firms in the UK, the US, Spain, the Netherlands, Germany, France, Belgium and Ireland.

Our very first Cyber Readiness Report landed in 2017 and provided a unique gauge of cyber readiness. It investigated the size and scope of the cyber security challenge and the way businesses were responding.

The 2020 report shows that as cyber security practices grow, so do the stakes. The proportion of firms reporting a cyber event is down this year from 61% to 39%, but the financial impact of each breach is many times greater than before.

Key findings from the 2020 Cyber Readiness Report

The 2020 report shows a cyber landscape which is maturing – though losses have soared, so too have the number of organisations which have achieved ‘expert’ status. The proportion of business experts has increased from 10% to 18% since 2019.

This follows two years of stalled growth, suggesting the corporate world is becoming better equipped to safeguard against cybercrime. The pace of spending has also accelerated, from $1.47 million to $2.05 million on average – and it seems this increased investment is buying expertise.

The threat of cybercrime is by no means diminished, however – large firms are still finding themselves in the firing line, with more than half of enterprise-scale organisations reporting at least one cyber incident.

One in six of those attacked were held to ransom, with costly consequences. The highest loss involving ransomware topped $50 million for one unlucky organisation.

The report sheds light on the differences as well as the trends. Some of the largest losses were seen in the UK market, including one UK financial services firm which was hit by total losses of $87.9 million. The largest loss from a single cyber event also fell on UK soil, costing the professional services company in question a cool $15.8 million.

There are also important differences within the UK market, as our interactive table reveals.

report cyber
Download the report
report cyber
Download the report
report cyber
Download the report
report cyber
Download the report

Switch how you view this data




Measurable Impact


Cyber Budget


Cyber Incidents


Cyber insurance policy


Dedicated cyber role


Cyber policy


Median cost of cyber events (last 12 months)


Risk Score


* Disclaimer: The property, energy, food and drink, travel and leisure sectors in the UK used sample sizes of less than 50, therefore the data for these sectors may not be representative.

How the Cyber Threat Ranking Table works

The table ranks cyber threat by industry – the higher the total risk score, the more exposed your sector is in the current cyber security landscape.

The data is taken from the UK arm of the Hiscox 2020 Cyber Readiness Report, which showed a 39% jump in cyber security spending across all markets. As the table reveals, however, there are big differences in the way UK businesses are responding to the threat.

At Hiscox, we know every small business is unique. Consultants, graphic designers and builders will all face different cyber threats. Take a look at the column showing ‘cyber events’ to see how common cyber events are in your line of work.

Some cyber-attacks are far costlier than others and the big breaches tend to target certain sectors. Explore the ‘financial costs of cyber events’ column to see the median cost of events affecting your industry during 2019 and 2020. The ‘time to eradicate threat’ column reveals how long it took each sector to react.

The table illuminates key differences in cyber security investment, including security budgets, the number of roles dedicated to cyber and plans to invest in all-important cyber insurance.

The table is interactive – hover over a column for a description of the scores below and what they mean or click the column to rank the sectors by this indicator.

For a deep dive into the data for your sector, simply click the name of your industry and a pop-up box offers a comprehensive view of the landscape.

The table can also be filtered with a click – hit ‘view by company size’ to explore how micro-businesses compare to organisations with more than a thousand employees.

What the Cyber Threat Ranking Table shows

The table shows no two sectors experience cybercrime in the same way. The scale of the threat and the amount of money at stake can vary enormously between industries.

The table also exposes big differences in terms of preparation, highlighting the sectors which are particularly vulnerable to cyber-attacks.

The energy industry has the highest total risk score, which is partly due to how often criminals target it, and partly because energy firms’ cyber budgets were 10% lower than average. Forty-one per cent of businesses in the energy sector have experienced one or more cyber events in the last year – a number only surpassed by the financial services sector.

Financial services companies suffered the highest median cost of cyber events, at £137,404 ($180,000). However, businesses in this sector have the highest cyber budgets and 75% plan to invest in a cyber security policy.

The significant cyber threats faced by energy companies come despite 84% having a dedicated cyber role and 68% planning to invest in a cyber insurance policy. In some sectors, it seems, nothing but watertight readiness will do.

The business services sector might be due a cyber revolution, since only 36% have standalone cyber insurance policies.

The professional services sector, meanwhile, which includes legal and accounting firms, has the lowest overall threat score.

By company size, it is the largest organisations which pay the highest price. Such firms faced median costs of more than £280,916 ($368,000) as a result of cybercrime.