Hiscox research finds increased prevalence of cyber attacks on businesses for fourth consecutive year

  • Over half (53%) of businesses suffered at least one cyber attack over the last 12 months 
  • The impact of cyber risk cannot be underestimated, with one in five firms (21%) attacked saying it was enough to threaten the viability of the business
  • Frequency of cyber attacks is increasing for small businesses with 10 employees or less
  • Business Email Compromise remains the hackers’ weapon of choice

London, UK (10 October, 2023) – Over half (53%) of businesses suffered at least one cyber attack over the last 12 months – a five-point increase on the previous year (48%) according to new data from the latest Hiscox Cyber Readiness Report. 

The Hiscox Cyber Readiness Report www.hiscoxgroup.com/cyber-readiness  – based on the views of over 5,000 organisations of all sizes across eight countries – found that cyber attacks have increased for the fourth consecutive year. Attacks on small businesses with less than ten employees have risen from 23% to 36% over the last three years, as cyber criminals look to leverage vulnerabilities in IT technology. Small businesses of less than 250 employees also report a lack of confidence around cyber, with only three in five (61%) confident that they could handle an attack, compared to 71% of larger businesses. Companies with 1,000 or more employees felt that cyber attacks were more commonplace than ever before, with seven out of ten (70%) experiencing at least one attack – up from 62% a year ago. 

For those businesses who suffered an attack, one in five were held to ransom, with those willing to pay falling slightly to 63% compared to 66% the previous year. For large businesses with over 250 employees, 46% paid a ransom to protect customer data, while 42% of smaller businesses with less than 250 employees say they paid to protect confidential company data. Fewer companies paid a ransom with the motive to be operational again. The cost of attacks was marginally more contained, with the median cost on a business falling from $17,000 to just over $16,000.  However, the impact of cyber risk cannot be underestimated, with one in five firms (21%) that were attacked saying it was enough to threaten the viability of the business.

Even though companies are dealing with risks like tough market conditions, due to both a challenging economy and in many cases increased competition, cyber is still reported as the top risk to businesses in five of eight countries surveyed. Business email compromise (BEC) was the number one entry point for hackers with one-in-three companies experiencing payment diversion fraud (PDF) because of a cyber attack. In response to the greater number of cyber attacks, companies are fighting back – increasing their cyber security spend by 39% over the last three years to a median of $155,000, with smaller businesses quadrupling their spend over the last two years to a median of $8,100. 

Eddie Lamb, Global Director of Cyber Education and Advisory, said: “Cyber is now a standard business risk, with the number of attacks increasing for the fourth year in a row. it is encouraging to see that companies are taking steps in the right direction by investing more in cyber security, but keeping pace with the hackers, who continually innovate tactics like business email compromise to threaten businesses both reputationally and financially, is not easy. That’s why it’s so important that businesses consistently update and manage their defences to stay one step ahead of the cyber criminals, which is something we spend a lot of time supporting our clients with.”

In 2017, Hiscox introduced the CyberClear Academy which has trained almost 36,000 individuals from 7,000 small and medium businesses. The cyber training is offered through various partners and helps Hiscox customers educate their employees – a key defence against cyber crime. In 2021, Hiscox released the Hiscox Maturity Assessment, a free online tool allowing businesses to identify strengths and weaknesses in their security profile and compare their scores to over 16,000 companies (www.hiscoxgroup.com/cyber-maturity).




For further information please contact: 

Carmel McCarthy                   07769 280903

Katie Bergin                            07872 953065             


Notes to editors


About The Hiscox Group

Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle.

The Hiscox Group employs over 3,000 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the USA, we offer a range of specialist insurance products in commercial and personal lines. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS.

Our values define our business, with a focus on people, courage, ownership and integrity. We pride ourselves on being true to our word and our award-winning claims service is testament to that. For more information, visit www.hiscoxgroup.com.


All press releases