The property, pharmaceuticals and healthcare, and travel and leisure industries have been the most heavily impacted by cybercrimes in the past year, according to research from Hiscox.
By Maggie Mancini
New research finds that cyberattacks across the United Kingdom have risen in for the third consecutive year, with nearly half of all businesses experiencing them. The findings are part of Hiscox’s “Cyber Threat Ranking Table,” which uses data from the latest Hiscox Cyber Readiness Report to identify which industries are most at risk of a cyberattack. The rankings are informed by data from nearly 1,000 U.K. companies.
Scores range from seven to 70, with seven being the lowest risk and 70 being the highest. The risk score is based on how optimistic business leaders are about their ability to deal with future cyberattacks. It takes several factors into account, including the number and cost of cyber events faced by surveyed firms within each of the sectors.
- Property (51)
- Pharmaceuticals and healthcare (49)
- Travel and leisure (48)
- Professional services (45) and food and drink (45)
- Construction (44)
- Government and nonprofit (41), manufacturing (41), and retail and wholesale (41)
- Energy (40)
- Financial services (38)
- Business services (37)
- Transport and distribution (35)
- Technology, media, and telecommunications (31)
The research suggests that the property, pharmaceutical and healthcare, and travel and leisure sectors are the top three industries most at risk in the U.K. Overall risk scores for organisations with one to nine employees have increased from last year with an increased risk score of nine points. In contrast, the risk score for organisations with more than 1,000 employees decreased slightly from 38 last year to 36 this year.
Key findings from the report are listed below.
- Almost half of U.K. businesses report experiencing at least one cyberattack in the last 12 months.
- The number of cyberattacks is on the rise, with U.K. businesses experiencing a median of six cyberattacks across 12 months.
- U.K. businesses have experienced a median annual loss of over £19,000 due to cyber-related incidents.
- Almost half (46%) of U.K. businesses have a dedicated person or team responsible for cybersecurity, with over a third (37%) of businesses regularly discussing or evaluating their security.
- The most common point of entry for cyberattacks in the U.K. is business email compromise.
- Almost two-thirds (59%) of U.K. organisations say they are more vulnerable to cyberattacks due to remote work.
The most common outcome of cyberattacks is misuse of IT resources (29%). This is most heavily seen within the energy sector with over half (54%) agreeing. This is also the most common response for medium-sized businesses with 250 to 999 employees, with over two-thirds (36%) giving the same answer.
As a result of cyberattacks over the last year, the most common result for businesses across the U.K. is that security and privacy are regularly evaluated and discussed (37%). Over half (55%) of government and nonprofit organisations say they have implemented additional cyber security and audit requirements. Businesses with 250 to 999 employees say that the highest impact is increased costs associated with notifying customers, with over two in five reporting this (43%).
Three in five U.K. organisations (59%) agree that they are more vulnerable to cyberattacks because more employees are working remotely. The pharmaceutical and healthcare sectors agree with this the most, with almost three quarters (74%) reporting the same. Large organisations with over 1,000 employees also agree, with almost three quarters (72%) stating their organisations are more vulnerable to cyberattacks for this reason.
U.K. organisations spent a median of £477,950 on their overall IT budget. Businesses with over 1,000 employees spend the most, with a median of £23,897,500. This spending was highest for the financial services sector, at £7,760,070.