’Cyber is now a standard business risk,’ says global director

Hiscox has urged businesses to make sure they are “one step ahead” of cyber criminals as attacks on firms rose over the last 12 months.

According to the insurer’s annual Cyber Readiness Report, which was published yesterday (10 October 2023), over half (53%) of businesses suffered at least one cyber attack in the last year, up 5% from the previous year.

And it also revealed that attacks on small businesses with less than 10 employees rose from 23% to 36% over the last three years.

However, one in five firms that were impacted by such an incident felt that it was enough to threaten the viability of the business.

Small businesses of less than 250 employees also reported a lack of confidence around cyber, with only three in five (61%) confident that they could handle an attack.

”Cyber is now a standard business risk, with the number of attacks increasing for the fourth year in a row,” Eddie Lamb, global director of cyber education and advisory at Hiscox, said.


For the report, Hiscox surveyed 5,005 professionals responsible for their company’s cyber security strategy across eight countries – including the UK – between 9 January and 2 February 2023.

It also found that of those that suffered an attack, one in five were held to ransom.

For large businesses with over 250 employees, some 46% paid a ransom to protect customer data, while 42% of smaller businesses with less than 250 employees said they paid to protect confidential company data.

The worst hit counties were the UK – with median costs per firm of $24,200 (£19,700) – the Netherlands and the US.

However, Hiscox claimed that companies were starting to fight back, with them increasing their cyber security spend by 39% over the last three years to a median of $155,000 (£126,300).

“It is encouraging to see that companies are taking steps in the right direction by investing more in cyber security, but keeping pace with the hackers, who continually innovate tactics like business email compromise to threaten businesses both reputationally and financially, is not easy,” Lamb said.

”That’s why it’s so important that businesses consistently update and manage their defences to stay one step ahead of the cyber criminals, which is something we spend a lot of time supporting our clients with.”