New analysis reveals two sectors, energy and government, have become especially vulnerable to cyber threats.
For almost as long as the internet has existed, reducing harm caused by cyber threats has presented a challenge to businesses. Now, it seems the tide could finally be turning on this enigmatic digital threat.
That’s according to the latest Hiscox Cyber Readiness Report, an annual account of commercial responses to cyber threats, which is now in its fourth year.
In a world shaped by ever-changing digital threats, which range from old-fashioned hacking to data breaches, organisations appear to be implementing more robust security measures than ever. The proportion of businesses achieving ‘expert’ status grew from 10 per cent in 2019 to 18 per cent in 2020.
The benefit of increased expertise is not felt universally, however. The report’s UK data has been crunched to reveal stark differences between sectors.
There’s bad news for the energy industry, which faces the highest threat from cyber events, according to the analysis. The sector saw a median loss of more than £100,000 in just 12 months, having been impacted by incidents such as phishing and virus infestation attempts.
Energy businesses demonstrated an impressive effort to become cyber ready: 84 per cent of firms said they had a dedicated cyber security role, for instance. However, it seems this is not enough to mitigate the high level of threat this industry faces: of the 15 sectors analysed, energy was one of those most likely to face a cyber event.
This wasn’t the only high-risk sector. As professional services businesses such as legal firms and accountancies stormed ahead, government and non-profit organisations also lagged behind, facing a significant threat from cyber-attacks and breaches.
In fact, the UK’s government and non-profit sector saw a median loss of £19,000 due to cyber events in the 12-month period analysed. This is despite 70 per cent of organisations having at least one employee whose work focuses on cyber security.
Such trends are as intriguing as they are significant; the energy and government sectors play a central role in society, after all. Stephen Ridley, cyber underwriting manager at Hiscox UK, says the trend is of great concern.
While firms appear to be upping their game when it comes to cyber security at a global level, this is by no means uniform across sectors or countries, he says.
The UK energy sector currently appears to be among the most vulnerable which, given the growing intensity of criminal activity across the globe, is a great concern.
When it comes to government agencies and non-profit organisations, he believes there is a need to implement stronger capabilities to detect and measure cyber threats.
This may help to contain sophisticated attacks and hacking events, according to Stephen.
UK businesses look to the government and the non-profit sector to deliver world-class cyber strategies and secure technologies, therefore the continued improvement of standards is always necessary, he continues.
Government organisations in particular are vulnerable to high levels of threat, and the data identifies the areas where risk mitigation needs to be stronger.
The importance of expert cyber defences
Meeting the risk with appropriate measures could be the secret to blocking cyber-attacks and preventing breaches, even in high-risk industries.
When it comes to the energy sector, Stephen Ridley concurs. The high risk score associated with businesses in this sector highlights the importance of on-going investment in cyber defences to help minimise vulnerability and improve overall cyber security resilience, he says.
This position is supported by the table’s data: cyber protection was a key factor in shaping the energy sector’s risk profile. Just 68 per cent of firms had a cyber insurance policy, leaving almost a third exposed. For government and non-profit organisations, the level of protection was even lower: only 44 per cent of firms were insured against cyber risks.
Across both business groups, mean cyber security budgets were 10 per cent lower than the UK average, suggesting that investment is failing to match the threat.
Business size and interest from hackers
Investment, and the expertise it can bring an organisation, may partially explain the differences between sectors, but there are other factors too.
For instance, big businesses tend to experience greater losses from cyber events, which puts such organisations at greater risk. The largest UK companies faced median losses of £270,000 in the 12-month period the cyber report examines.
The analysis also attributes cyber risk to the number of cyber incidents companies reported facing within the timeframe; it is possible that cybercriminals find certain sectors more appealing than others.
This may create a cocktail of factors which render large government organisations, energy firms and non-profits especially at risk.
However, the success seen in other industries, such as professional services, construction and property, suggests cyber threats are becoming more controllable.
By matching investment to risk, perhaps businesses across all sectors can harness the expertise they need to counter cyber risks in the future.