The median cost of cybersecurity incidents increased sharply in 2019, going from € 9,000 to € 51,200 per company over one year, according to the latest Hiscox report.
The efforts made by organizations in the area of cybersecurity seem to be bearing fruit. According to the 2020 report of the insurer Hiscox on the management of cyber risks, the proportion of companies that fell victim to cyber incidents has decreased, going from 61% in the 2019 edition (and even 67% in France) to 39% this year (34% in France). The study also notes that security spending increased by 39%, confirming that cyber risks are being taken more seriously on a global scale.
Large companies (more than 1,000 employees) remain the most targeted by cyberattacks, with 51% of them having declared at least one cyber incident in the 2020 edition. Large organizations also report the highest number of incidents (median number of 100) and faults (80).
An average cost of € 35,000 per cyber incident in France
However, the median cost of incidents has increased sharply, from € 9,000 to € 51,200 per affected business. In total, the losses associated with cyberattacks have increased from 1.1 billion euros to almost 1.6 billion euros. Among the respondents, the heaviest losses were reported by a British financial services company, with a total amount of 79.9 million euros. The single most costly incident was also identified in a British company, where one attack caused a loss of 14.4 million euros. The median cost of the worst single incident is much lower, at € 3,700. According to the report, France is among the countries where losses from cyber incidents are the lowest, with an average cost of € 35,000.
While virus infections remain the most frequent attacks, accounting for 23% of incidents, they are closely followed by the compromise of corporate messaging (21%) and ransomware (19%). Unfortunately, these attacks remain lucrative for cyber criminals. In fact, almost one in six companies (16%) among those that fell victim to cyber incidents paid a ransom, a proportion that stands at 18% among French companies. The highest loss linked to a ransomware attack reached 46 million euros, compared to 9.2 million for other types of malware.
Strengthen employee training
The report also assesses the maturity of companies in managing cyber risks. The overall proportion of companies classified in the “expert” category increased from 10% to 18%. The biggest increase concerns France, which went from 6% of expert companies to 18% in the space of a year. The largest investments in cybersecurity are also found in France, with an average expenditure of 2.8 million euros.
In 2019, companies that suffered an attack invested more in employee training (25%, compared to 11% the previous year). The proportion of organizations that purchased cyber insurance after experiencing cyber incidents has also increased steadily, from 9% to 20% in the space of three years. Almost three-quarters of respondents (72%) also indicated that they wanted to increase their cybersecurity budget by 5% or more. Given that the survey was carried out before the health crisis, it will be interesting to check in 2021 whether these forecasts have materialized or have been revised downwards.