According to Hiscox’s Third Cyber Readiness Report, which surveyed 5,400 firms in the U.S. and the E.U., cyber threats have “become the unavoidable cost of doing business today.” The Report notes that for the first time, “a significant majority of firms surveyed said they experienced one or more cyber-attacks in the last 12 months. Both the cost and frequency of attacks have increased markedly compared with a year ago, and where hackers formerly focused mainly on larger companies, small-and-medium sized firms are now equally vulnerable.” The number of firms that reported cyber incidents rose from 45 percent in 2018 to 61 percent in 2019.

Hiscox, a well-known cyber insurer, shares its experiences in the Report by stating that business email account compromise “is currently the main cause of cyber claims, followed by ransomware.” This is very consistent with our experience over the past year.

Other key findings of the Report include the following:

  • More firms fail the cyber readiness test—including cyber strategy and execution.
  • Cyber losses soared last year and costs increased 61 percent with medium and large firms bearing a disproportionate percentage of the cost, which is attributed to the largest incidents.
  • 65 percent of firms experienced cyber-related issues in their supply chain in the past year, which mean they are becoming commonplace.
  • The frequency and intensity of cyber-attacks are increasing.
  • More small and medium sized firms were attacked in the past year.
  • No industry is immune from cyber-attacks.
  • Relying on the cloud includes risk.
  • The financial impact of cyber-crime increased as much as 61 percent in the past year.
  • Cyber readiness has stalled.

The positive news in the report is that businesses understand that cyber threats are real and they are taking action to combat them. Some ways in which firms are responding to the threat include the following:

  • More firms appoint someone to lead cyber efforts.
  • More firms are responding to incidents with concrete actions.
  • Firms recognize that the threats and increased regulation is not going away and are addressing it with realism instead of complacency.
  • Firms are responding to regulatory compliance.

Finally, the Report reiterates that prevention is still key in addressing cyber risks. The Hiscox Report can be accessed at