Three in every five global firms have reported a serious data breach in the past year.
The Cyber Readiness Report 2019, conducted by insurer Hiscox, found that 61% of firms have been breached in the past year; a huge jump from the 45% that reported a breach in 2018.
In the UK alone, this figure decreases to 55% of firms reporting an attack. However, this number has jumped 15% from the 40% of firms being breached in 2018.
Globally, larger firms remain a clear target for cyber criminals with 70% of firms with more than 250 employees vulnerable to cyber attacks. This figure jumps to 74% of firms with over 1,000 employees.
However, small to medium sized firms have cited the largest increase in targeted attacks over the past year. In 2018, a third of firms were targeted. The 2019 report has found that this figure has climbed to 47%. Similarly, 63% of medium sized firms have faced cyber attacks in 2019, compared with only 36% in 2018’s Cyber Readiness Report.
Overall, the mean financial loss of each firm that have reported a serious data incident is now £285,096; this equates to losses increasing by a quarter from the £229,000 lost to victims in 2018.
Whilst the mean financial losses for the UK are considerably lower than the global average, each firm breached in the UK represents individual business losses of more than £180,000. This is a significant jump from the £103,000 losses a year earlier.
Despite the serious financial losses, the UK is spending less on cyber security than all other countries monitored in the report. The average UK spend of £695,000 is dwarfed by the global average spend on cyber security of £1.12 million.
39% of all firms have committed money to staff training, an increase from 34% in 2018. Fewer firms are looking into the use of new technologies to protect their online presence as the 50% that are investing is a 7% reduction from the 57% a year earlier. A third of firms are looking at bringing in cyber security staff whilst a third are looking to outsource their cyber security.
Worryingly, 20% of all UK firms have no defined role for cyber security in their business. Of the 80% that were able to demonstrate a commitment to cyber security, 72% were deemed to be vastly unprepared for a cyber attack with only 10% considered experts.
The report highlights that firms are also increasingly susceptible to cyber attacks through weaknesses in the supply chain. 60% of UK firms have been made vulnerable because of inadequate cyber security with suppliers they work with.
Additionally, 74% of businesses monitor the cyber security of their partner suppliers at least once per quarter. Businesses are beginning to monitor the cyber security of other firms to determine whether they are safe to work with. If your law firm is unable to demonstrate it has incorporated cyber certifications or processes to protect itself, clients and suppliers from cyber attack, you could struggle to attract new business and it will deter suppliers from working with you in the future.
Is your firm prepared for the impact of a serious cyber attack? Would a supplier or rival law firm feel secure in working with you if they checked your cyber security?
