The Hiscox Cyber Readiness Report 2021

The Hiscox Cyber Readiness Report 2021

Don't let cyber be a game of chance

Our fifth annual Hiscox Cyber Readiness Report reveals how the cyber security landscape has changed. It also highlights how organisations have fared through the Covid-19 pandemic and maps out a useful blueprint for cyber readiness best practice.

According to the latest Hiscox Cyber Readiness report, businesses are devoting more resources to the cyber challenge than ever before. This comes as the scale of the problem continues to both change and grow.

More firms were targeted by criminals in 2020 than in 2019, and those who needed to defend their business often did so several times. In fact, the survey found that 28% of the businesses that suffered attacks were targeted on more than five occasions in 2020.

This trend, which saw some businesses facing multiple ransomware attacks, comes alongside new challenges posed by the Covid-19 pandemic.

The Cyber Readiness Report provides a unique gauge on the state of commercial cyber security across eight markets – the UK, the US, Spain, the Netherlands, Germany, France, Belgium and Ireland.

In 2020, we reported that the cyber landscape was maturing as losses soared but so too did cyber expertise.

The 2021 report reveals that this trend is becoming stronger as cybercrime has risen for the first time since 2018.

Key findings from the 2021 Cyber Readiness Report

‘A range of impacts’

The results from our 2021 report arrive in the shadow of the Covid-19 pandemic, which many businesses met with resounding cyber resilience. Despite economic pressures, cyber spending was found to have soared. The average business surveyed now devotes more than a fifth (21%) of its IT budget to cyber security, a jump of 63%.

Almost half of respondents said they felt their organisation had become more vulnerable to cyber attacks since the start of the pandemic. This rose to 59% among businesses with more than 250 employees.

However, there was an apparent knowledge gap among the smallest businesses surveyed. Just 31% identified the link between cyber vulnerability and Covid-19, signifying a lack of understanding of pandemic cyber scams.

Last year, the report exposed a divided picture, with success closely tied to budget commitments. This remains true this year; the businesses that the cyber readiness model classifies as experts were found to devote 24% of their IT budgets to cyber.

The 2021 report shows the number of businesses to achieve cyber expert status has risen again, to 20%. After limited growth in 2018 and 2019, it seems leaders are continuing to adopt best practice benefits.

The frequency of cyber events was found to have increased in 2020, bringing a range of financial impacts.

Of those targeted, about one in six businesses said a cyber event threatened the viability of their business.

Ransomware was found to have played a significant role. The survey found that a payment had been demanded from around one in six of those hit by cyber criminals and more than half paid.

Of the eight markets surveyed, the UK market was found to have been the least affected by cyber threats.

report cyber
Download the report
report cyber
Download the report
report cyber
Download the report
report cyber
Download the report
report cyber
Download the report

Switch how you view this data




Cyber Budget


Cyber Incidents


Cyber insurance policy


Dedicated cyber role


Cyber policy


Cyber Attack Detection


Median cost of cyber events (last 12 months)


Risk Score


* Disclaimer: The property, energy, food and drink, travel and leisure sectors in the UK used sample sizes of less than 50, therefore the data for these sectors may not be representative.

How the Cyber Threat Ranking Table works

The Cyber Threat Ranking Table orders the threat by industry – the higher the total risk score, the more exposed your sector is, according to our statistics.

The data is taken from the UK arm of the Hiscox 2021 Cyber Readiness Report, which uncovered a two-pronged rise: security expertise is up, but so is the frequency of attacks.

As the table shows, these trends are not spread evenly – for some sectors, increased investment has been enough to counter threats, but others remain more exposed.

At Hiscox, we know every small business is unique. Consultants, graphic designers and builders will all face different cyber threats. Take a look at the column showing ‘number of attacks’ to see how common these instances are in your line of work.

Some cyber-attacks are far costlier than others and big breaches tend to target certain sectors. Explore the ‘financial costs of cyber events’ column to see the median cost of events affecting your industry during 2020. The ‘time to eradicate threat’ column highlights how long it took each sector to react.

The table illuminates key differences in cyber security investment, including security budgets, the number of roles dedicated to cyber and plans to invest in all-important cyber insurance.

The table is interactive – hover over a column for a description of the scores below and what they mean or click the column to rank the sectors by this indicator.

For a deep dive into your sector’s data, simply click the name of the industry and a pop-up box offers a comprehensive view of the landscape.

The table can also be filtered with a click – hit ‘view by company size’ to explore how micro-businesses compare to organisations with more than a thousand employees.

What the Cyber Threat Ranking Table shows

The table shows the amount of money at stake can vary enormously between UK industries, with some sectors bearing the brunt of the trend towards multiple cyber-attacks.

It also exposes big differences in terms of preparation through investment in cyber security. The energy sector displays the highest risk score with 48, while the retail and wholesale sector and the business services industry come second and third, respectively.

At the other end of the table, technology, media and telecommunications (TMT) has the lowest risk score, at 35. Meanwhile, both the manufacturing and property sectors achieved a score of 36.

The cost of cyber incidents was often seismic – the highest median losses were suffered by the energy sector, at $35,439*. Last year, we reported significant costs in the TMT sector, and although costs are still high, they are slightly reduced.

This is shown not only by the small drop in risk score, but also the median cost of cyber events in the TMT sector was $39,600 in the 2020 report and $13,125 in the 2021 report.

There's much work still to be done, though, as the latest figure sits at 61% above the UK's national average.

Attacks and losses represent just one aspect, however. Preparation measures also contribute to each sector’s table position.

Pharmaceutical and healthcare organisations dedicated more of their IT budget to cyber security than any other industry, at 23%.

Personnel dedication was highest in heavy industries such as manufacturing, transport and distribution, and construction. 91% of manufacturing firms employed a dedicated cyber specialist.

Manufacturers were also most likely to invest in a standalone cyber insurance policy, with 89% having plans to take out cover. This marks a big rise from 65% highlighted in the 2020 report.

The table also shows how cyber resilience varies by company size. Across all markets, the gap between small and large firms became steeper in 2020, with 61% of enterprise-scale businesses experiencing attacks.

In the UK, large companies are responding by investing in knowledge. Almost all (98%) of firms with more than 1,000 people now have a role specifically for cyber security.

Investment is increasingly important to SMEs too – 84% in the second-smallest bracket said they plan to take out cyber insurance, up from just 49% last year.

*Data collected from a global study and all figures presented in US dollars.