Skip to main content
Blog Home
Start Your Business
Grow Your Business
Protect Your Business
Celebrate Courage
Search

Small Business Insider

Sign up to get the latest small business tips delivered right to your inbox.
Close Close
Protect Your Business
February 6, 2018
Hiscox Cyber Readiness Report Cover

Hiscox Cyber Readiness Report: 3 Steps to business cyber security

Cyber | Industry Spotlight
By: Hiscox Blog

Share Image

Embed Image

Copy

Share Article:

The thought of a cyber-attack is enough to strike fear into the heart of anyone. From targeted attacks like the Equifax breach to the widespread WannaCry ransomware hack to individual spearfishing attacks, it seems no one is safe. But there are steps every business can take to minimize the impact of an attack. Here’s how to become cyber ready in three steps.

Hiscox recently released the 2018 Hiscox Cyber Readiness report, based on a survey by Forrester of 4,100 companies in the US, UK, Germany, Spain and the Netherlands. The report explores the degree to which companies are prepared to prevent or withstand a cyber-attack.

download button for cyber readiness report.

Each company surveyed was rated an expert, intermediate or novice when it came to their level of preparedness. Alarmingly, only 13% of US companies fell into the ‘expert’ category. Over two-thirds  (70%) of companies were rated as cyber novices.

What makes a cyber security expert?

In order to become an expert in cyber security, you want to do three things.

  1. Prevent an attack on your organization. This means having a response plan in place and practicing what to do in the event of an attack. The entire organization should be trained on potential hacks like spearfishing, malware and password attacks. The focus on cyber awareness needs to come from the corner office, and the entire c-suite needs to be invested in the process.
     
  2. Detect an attack as early as possible, if one occurs. A comprehensive training program includes teaching employees to be on the lookout for suspicious activity that would indicate an attack has occurred.
     
  3. Mitigate the impact of an attack on your organization. Having a tight response plan in place will help, as will early detection. Having cyber insurance, either as a stand-alone policy or as a component of your business liability coverage, will reduce your out of pocket exposure and may provide crisis management services as part of the policy.

In order to accomplish these three steps, there are several key factors at play.

  • Awareness. Everyone in the organization needs to be aware of the possibility of an attack. They need to know what they can do to prevent one, including the best practices for passwords and the warning signs of phishing.
     
  • Strategy. Have a plan in place to deal with a cyber-attack as soon as it is recognized. Specific duties should be assigned to specific individuals, and everyone must know their role. Revisit the plan periodically to ensure it addresses new threats.
     
  • Engagement. Involvement from the C-suite is critical. Cyber security strategy should be set with input and support from the very top of the organization. Everyone in the organization should be aware of the policy on cyber security and what their specific role is.

The true cost of an incident

Spending money on cyber security doesn’t make one an expert, although the experts do have higher spend rates than others. Cyber experts had double the IT budgets of novices ($19.8m vs. $9.9m), and spent a higher percentage of their IT budget on cyber (12.6% vs. 9.9%.) And spending is often the easy part. You also need a rigorous set of processes and awareness of the issues.

The cost of a cyber security incident is daunting. Among the companies who were able to estimate the cost of the attacks they suffered in the last 12 months, the average cost was $229,000. Larger companies incurred higher costs, with the average cost to the largest companies estimated at $1.05 million in the US. The highest cost estimate for a single organization in the US was $25 million.

If the cost of a potential threat were not enough to spur action, perhaps regulation will be. In May of this year, the EU will institute its General Data Protection Regulations (GDPR) which will impose stiff fines for failure to institute preventative measures. Note that this rule applies not only to the countries in the European Union, but to anyone who collects personal information about citizens of the EU. 

The 2018 Hiscox Cyber Readiness Report shows that most US companies have a ways to go before they can be considered cyber ready. With diligence and dedication, they can get there.

 

Protect Your Business

Protect the business you’ve worked so hard to build. Get a fast, free quote and your business could be covered today.

Get a Quote
Get a Quote
Subscribe to our newsletter

Related Articles

3 Min Read
Woman at work using hand sanitizer. OSHA COVID-19b guidelines.

New OSHA guidelines on how businesses should handle COVID-19 in the workplace

Claims | Management

New OSHA guidelines on COVID-19 in the workplace are here. Here's everything you need to know if you're a business owner and have employees.  Read More

4 Min Read
how much does business insurance cost? Insurance icon.

How much does small business insurance cost?

Insurance 101 | Professional Liability

Wondering how much business insurance costs? Here are some of the factors that go in to how much business insurance costs and some examples of what a hypothetical small business might pay for insurance.  Read More

3 Min Read
Insurance tab. File, folder. Deductibles, limits, and endorsements.

What are deductibles, limits and endorsements?

Insurance 101

There are some insurance terms you should know to help you better understand your policy. We’ll define 3 of the most important: Deductibles, limits, and endorsements.  Read More


We’re here to help.
We provide tailored insurance for the specific risks you face, so you can take the right risks to grow your business.
Get a Quote
Get a Quote
Blog, Footer2021
  • What We Cover
    • Business Insurance
    • General Liability Insurance
    • Professional Liability Insurance
    • Errors and Omissions
    • Cyber Security Insurance
    • Workers Compensation
    • Other Coverage
  • Who We Cover
    • Small Business Owners
    • LLC
    • Side Hustle
    • Contractors
    • Home Businesses
    • 180+ Professions
  • For Our Customers
    • Refer a Friend Program
    • Covid-19 Response
    • Claims Center
  • For Business Owners
    • Save with our Partners
    • Hiscox Podcast for Business
  • About Hiscox
    • About Us
    • Careers
    • Contact Us
    • Hiscox Corporate
    • Investors
    • Foundation
    • Newsroom
    • We Stand Together
    • Affiliate Partner Program
Blog, Footer, 2nd Row (new)
  • Accessibility
  • Site Map
  • Privacy Policy
  • Terms of Use
  • Legal Notices
  • Español

Feefo Reviews: Hiscox rated 4.8/5 with 2,032 reviews between January 31, 2020 - January 21, 2021

© 2021 Hiscox Inc. All rights reserved. Underwritten by Hiscox Insurance Company Inc., 104 South Michigan Avenue, Suite 600, Chicago, IL 60603. As of December 31, 2019, HICI had admitted assets of $778,266,779 and policyholders surplus of $215,333,986. Total liabilities were $562,932,793 (inclusive of $236,274,591 of loss reserves) and paid up capital stock was $4,242,000.

icon-facebook
icon-youtube
icon-twitter
icon-linkedin