Sixty-one percent of firms suffered a cyber attack in the past year, compared to 41 percent the year prior. The median cost for losses associated with cyber incidents shot up from $229,000 to $369,000, says a 2019 Hiscox cyber Reading Readiness Report. 

More key findings include:

• More firms fail the cyber readiness test as there was a small decline this year in the proportion of firms achieving ‘expert’ scores for their cyber strategy and execution – down from 11 percent to 10 percent. 
• The mean figure for losses associated with all cyber incidents among firms reporting attacks has risen from $229,000 last year to $369,000 – an increase of 61 percent, with medium and large firms bearing a disproportionate amount of the cost.
• The figures above are strongly influenced by a sharp rise in the cost of the biggest single incident reported. The mean cost has jumped from $34,000 a year ago to a fraction under $200,000. For large firms, there has been an 18-fold rise to $395,000. The comparable figure for small firms is $9,000, up from $3,000 in 2018.
• Nearly two-thirds of firms (65 percent) have experienced cyber-related issues in their supply chain in the past year. Three quarters of technology, media and telecoms (TMT) and transport firms have been hit.
• The average spend on cyber is now $1.45 million and the pace of spending is accelerating. The total spent by the 5,400 firms in the report comes to a remarkable $7.9 billion. Two-thirds of respondents say they plan to increase their spending on cyber by five percent or more in the year ahead.
• While larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (less than 50 employees) reporting one or more incidents is up from 33 percent to 47 percent. For medium sized firms with between 50 and 249 employees the proportion has leapt from 36 percent to 63 percent.
• More than three out of five firms (61 percent) reported an attack in the last year – up from 45 percent the previous year. The frequency of attacks has also increased. Among the seven countries, Belgian firms are the most likely to have been attacked, US firms the least likely.