Cost of data breaches to businesses at five-year high

The cost of dealing with cyber events such as ransomware and viruses more than tripled for businesses since 2018, according to a study into the last five years of cyber preparedness. Business insurer Hiscox reviewed data from its annual Cyber Readiness reports going back to 2018 to uncover the rising impact of cyber attacks on global businesses.

The financial toll of cyber events, which include data breaches, was estimated at an average of $16,950 (£15,265) per year in Hiscox’ 2022 Cyber Readiness report. The data revealed that half of all companies surveyed experienced at least one cyber attack in 2022, up from 39% in 2020.

Industries differed in how they were impacted, with the Financial Services and Technology, Media and Telecom (TMT) sectors reporting a minimum of one attack for three consecutive years. According to the latest report, as many as two-thirds (66%) of Financial Services firms were impacted by one or more cyber attack in 2021-22.

While the median cost of cyber events has increased, there is evidence that businesses are getting savvier in their cyber preparedness, with the average IT budget for cyber security in 2022 being $5,235,162.16 (£4,714,482.83). This marks a three-fold spend increase compared to 2018 ($1,470,196.05 (£1,323,973.13)).

Alana Muir, Head of Cyber at Hiscox, comments on the findings: “Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe. While there has been some fluctuation over the years, cyber attacks are on the rise, so the increased focus and investment from businesses to minimise damage to their brand, operations and customers is positive.

“A proactive approach to cyber security is the best way to reduce the likelihood of a cyber event and limit the impact. Businesses should regularly evaluate their processes, people management and knowledge of the subject, and aim to create a culture of cyber security where everyone is well-equipped to respond, should the worst happen.”

To see the five-year report, click here