7 of 10 Companies Fail 'Cyber Readiness Test'

As insurance companies and actuaries try to get a better handle of the risk they're taking on by underwriting policies, they are stepping up their research into how much of the market is cyber ready and how much is not.

Insurance player Hiscox just completed a study with Forrester Consulting that surveyed 4,100 cybersecurity professionals in several countries.

Key findings of the 2018 Cyber Readiness report:

• 70% of companies failed a cyber readiness test: "We measured organizations’ cybersecurity readiness according to the quality of their strategy (broken down into oversight and resourcing) and execution (processes and technology)."
• Most now get that cyber risk is a business risk: "While many firms lack adequate defenses, most are keenly aware of the potential impact of a cyber attack. Two-thirds of respondents (66%) rank the cyber threat alongside fraud as the top risks to their business."
• Spending on cybersecurity varies widely: "On average, the organizations in our sample had an IT budget of $11.2 million, of which 10.5% was devoted to cybersecurity." However, the report says, the most cyber ready companies had markedly bigger IT budgets than the more unprepared ($19.8 million on average versus $9.9 million) and devoted a higher proportion to cyber security (12.6% versus 9.9%).

Country by country breakdown of breach preparedness and cyber incident cost

You can read the entire 2018 Cyber Readiness report here, which starts with a note of intrigue and creative writing by Gareth Wharton, Cyber CEO at Hiscox:

"Cybersecurity poses a challenge unlike any other. Businesses large and small, both public and private, face an enemy that is unseen and largely unknown, has seemingly shape-shifting powers and appears utterly unrelenting. Each year brings a renewal of the contest but in a subtly different form. This is an enemy that can be confronted but never quite defeated."

Sounds a lot like the sentiments we hear from our Advisory Council members at SecureWorld cybersecurity conferences across the U.S. and why they believe in collaborating against the enemy, year after year.