More than half of British firms 'report cyber-attacks in 2019'

Image source, Getty Images

The proportion of UK firms reporting a cyber-attack has jumped, despite most businesses admitting they are under-prepared for breaches, according to research from Hiscox.

The insurer found 55% had faced an attack in 2019, up from 40% last year.

But almost three quarters of firms were ranked as "novices" in terms of cyber readiness.

Hiscox said a lot of businesses "incorrectly felt that they weren't at risk".

The firm surveyed more than 5,400 small, medium and large businesses across seven countries, including the UK, Germany, the US, Belgium, France, the Netherlands and Spain.

It said there had been a "sharp increase" in the number of cyber-attacks this year, with more than 60% of firms having reported one or more attacks - up from 45% in 2018.

Average losses from breaches also soared from $229,000 (拢176,000) to $369,000, an increase of 61%.

Despite this, the insurer said the percentage of firms scoring top marks on cyber security had fallen, with UK organisations doing particularly badly.

British firms had the lowest cyber security budgets, it said, spending less than $900,000 on average compared with $1.46m across the group.

They were also joint-least likely with US firms to have a "defined role for cyber security" on their staff. In France the proportion was closer to one in ten.

Gareth Wharton, head of Cyber at Hiscox, said the low UK spending could be driven by the large number of small businesses in Britain.

"They may feel like they won't be targeted, as we tend to only read about large breaches in the press. If they incorrectly feel that they won't be targeted, they may be less likely to spend on cyber security."

However, Hiscox also found the average cost of an attack in the UK was lower than average at $243,000, compared with $906,000 in Germany and $486,000 in Belgium.

New regulation has also prompted action, with eight in ten UK firms saying they had made changes since the introduction of tough new EU data protection rules last year.