Please fill in the form below to subscribe to our blog

Cyberattack Readiness is Down Sharply Says Insurer 

December 08, 2022

Most Businesses Are Dangerously Unprepared for Cyber Threats


In today’s dangerous cyber risk landscape, businesses need to take every precaution against cyberattacks and the devastation that can result from them. Just one successful cyberattack can be the death of a business. An estimated 60% of organizations shutter in the wake of a cyberattack. One of the safeguards that many businesses put in place is cyber insurance.  A new study takes a look at which companies are carrying cyber insurance, why they’ve chosen to carry it and what influences their decision-making about cyber insurance and cybersecurity.  


This handy checklist of smart security practices helps businesses kick off the new year right! GET CHECKLIST>>


The percentage of businesses ready for cyber trouble has plummeted


Hiscox Ltd. is an Anglo-Bermudan insurance provider that is an underwriter at Lloyd’s of London, recently surveyed over 5,000 companies of varying sizes and sectors in eight countries for its 2022 Cyber Readiness Report. The results of that survey shed some light on today’s cyber insurance market and the cyber risks that are impacting it right now.  The most shocking takeaway is that companies simply aren’t as ready to handle cyber threats as they may think. Overall, cyber readiness scores among respondents dropped more than 2% from the 2021 report. 

Even worse, the percentage of respondents whose firms had a high level of security maturity, ranked as “experts” in this survey, has dropped dramatically from last year. In 2021, about 20% of the companies that were studied were classified in the “expert” category. But in 2022, only a dismal 4.5% of respondents made the grade. The U.S. and UK are still at the top of the tree, with 6% of firms in those two areas ranked as “experts”. In a spot of good news, the percentage of companies with low security maturity, ranked as “novices” also dropped, leaving the majority of respondents somewhere in the middle of the pack, ranked as “intermediate”. 


See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>


Previous cyberattack victims are once bitten. twice shy


Another major conclusion is presented right up front: Companies with revenues of less than half a million dollars can now expect to face as many cyber-attacks as larger companies with earnings of $1m to $9m annually. Businesses in seven of the eight countries studied consider cyber risk to be the top risk for businesses. However, that perception is largely based on whether or not the business has experienced a cyberattack previously. More than half of the companies surveyed who have been cyberattack victims see cybersecurity as an area of high risk for the future. But among the companies that have not fallen victim to a cyberattack in the past, only 36% view cybersecurity as an area of high risk.  It is interesting to note that just over two-in-five (41%) of businesses that have been previously attacked say their risk exposure has increased. However, only one in five (23%) of businesses who have not experienced a cyberattack feel that their risk exposure has increased.  

Highlights by Region 

Source: Hiscox


Make sure cybercriminals don’t give you the unwelcome gift of a cyberattack with these 12 tips to reduce holiday risk. GET TIPS>>


How prevalent is cyber insurance? 


Hiscox estimates that 64% of companies now have cyber insurance as a standalone policy or as an element of another business insurance policy. That percentage has climbed up by 6% from 58% of companies having cyber insurance two years ago. Having or obtaining cyber insurance is widely seen as a marker of security maturity and threat readiness. Companies with cyber insurance are more likely to take security seriously and take steps to bolster it by running security awareness training and implementing identity and access management (IAM) controls. Breaking that down, 46% of companies classified as “experts” maintain a standalone cyber insurance policy, compared with 31% of average companies and 29% of companies with low security maturity. 

The percentage of companies who have included cyber insurance in their defensive plan insurance changes depending on the size of the organization, with larger firms more likely to have cyber insurance coverage in some way. Diving deeper, 28% of companies with fewer than 250 employees have a standalone cyber insurance policy and 29% of companies at that level have cyber insurance as part of another policy. More than a third (35%) of firms with 250 or more employees have a standalone cyber policy in place and 40% have cyber cover as part of another policy. More than a third (35%) of firms with 250 or more employees have a standalone cyber policy in place and 40% have cyber cover as part of another policy. Larger companies with more complex defensive challenges tend to carry cyber insurance.


How good is your identity and access management? Use this checklist to see if it’s really getting the job done. GET IT>>


Insurance adoption varies by sector 


Businesses in some sectors are more likely to take out cyber insurance than others, but more than half of businesses in all 13 sectors assessed in this report had cyber insurance either on its own or as an element of another policy. There was some major variation in that mix as various industries respond to their unique risk challenges. It should not come as a surprise that the financial services sector tops the list of industries in which firms are most likely to have taken out cyber insurance, with nearly three-quarters of companies carrying cyber insurance. Not only is the financial sector heavily regulated in many regions, but it was also the sector hardest hit by ransomware attacks in the last two years. On the other end of the scale, companies in the travel and leisure sector and the construction sector were tied as the least likely to have cyber insurance, with only 53% of firms in those industries carrying cyber insurance.  

Source: Hiscox


What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>


Attack experiences & access to experts impact cyber insurance adoption 


There are several factors that impact a company’s decision about whether it should take out cyber insurance. One major factor was a company’s ability to access the kind of expertise that is needed to handle a cyberattack, like a crisis management or IT forensics team. Businesses ranked access to experts as one of the top three reasons for taking out cyber insurance. Concerns about the security of their data were at the top of the list of reasons for taking out cyber insurance for most companies, closely followed by demonstrating to clients that the company is serious about cybersecurity. 

But for firms that had a high score in security maturity, the number two reason for taking out cyber insurance was different. Companies with in-house security expertise were very concerned with limiting claims against the business if the company falls victim to a cyberattack. However, not everyone is interested in taking out cyber insurance coverage. Nearly four in five businesses that don’t currently have cyber insurance say that they don’t plan on getting it. Those companies did not experience a cyberattack in the past year and tend to be classified as “novices” on the maturity scale.  


Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>


Our security solutions get businesses ready to conquer cyber threats


These four solutions work together to provide a robust defense against cyberattacks for any business without breaking the bank.


Security Awareness Training     


BullPhish ID is the perfect solution to use to make that happen!      

  • A huge library of security and compliance training videos with 4 new lessons added a month!     
  • Choose from plug-and-play or customizable phishing training campaign kits     
  • Automation makes training painless for everyone 

Dark Web Monitoring   


Dark Web ID is the answer.    

  • 24/7/365 monitoring using real-time, analyst-validated data     
  • Monitoring of business and personal credentials, including domains, IP addresses and email addresses     
  • Gain priceless peace of mind about dark web dangers 

Identity and Access Management (IAM)


Passly is the perfect multi-tool for IAM packing four essentials into one affordable package

  • Get two-factor authentication (2FA), single sign-on, secure password vaults with one solution
  • Simple, intuitive remote management
  • Roll it out in a snap with easy deployment and seamless integration with common business applications

Automated, AI-powered Antiphishing Email Security    


Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.     

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.       
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.      
  • 3 layers of powerful protection at half the cost of competing solutions      
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.  

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>