Security Spending Doubles but Two-Fifths of Firms Suffer Breaches

Cybersecurity spending across the US and Europe has surged over the past year, but so too have security breaches, from 38% to 43% of businesses surveyed by Hiscox.

The insurer’s annual Hiscox Cyber Readiness report has become a useful gauge of how mature and effective organizations’ cybersecurity strategies are. This year the firm engaged Forrester Consulting to poll over 6000 such companies across the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland.

It revealed that the average firm now spends more than a fifth (21%) of its IT budget on cybersecurity, an increase of 63% in a year, with mean spending per firm more than doubling in two years — from $1.45 million to $3.25 million.

However, this money isn’t necessarily improving outcomes, given that successful attacks are on the rise. Over a quarter (28%) of those targeted suffered five or more such attacks, with almost a fifth (17%) claiming the financial impact materially threatened the company’s future.

Ransomware had a major impact on organizations last year: 16% suffered attacks and over half (58%) paid up, rising to 71% in the US, according to the report.

Hiscox also appraises organizations by their “cyber readiness” across six key areas of people, process and technology.

It found there was much work still to do, with just a fifth (20%) named as “experts” and more than a quarter (27%) classed as “novices.”

Perhaps unsurprisingly, those deemed experts suffered fewer ransomware attacks, were less likely to pay up and recovered more quickly.

The US had the highest proportion of cyber “experts” (25%) and one of the lowest median costs of attacks. Although the UK ranked second, with 23% of firms named as experts, they were least likely to have had a cyber-attack (36%) and most likely to have defended it successfully, according to Hiscox.