Almost half of U.K. businesses have experienced a cyberattack in the last year, according to global insurance specialist Hiscox’ seventh annual Cyber Readiness Report. To derive at this statistic, Hiscox surveyed U.K. businesses across 14 sectors to determine how businesses view cybersecurity and whether they are equipped to face cyber-threats.
The data trend shows that cyberattacks have increased by 9 percent between 2022 and 2023. While there are different forms of attack modalities, the most common point of entry for cyberattacks is business email compromise.
The findings are part of Hiscox’s Cyber Threat Ranking Table, which identifies which industries are most at risk of a cyberattack. The rankings are informed by data from almost 1,000 U.K. companies.
Going forwards, the confidence level from the industry is low for almost two-thirds (59 percent) of organisations agree they are more vulnerable to cyberattacks due to employees working remotely.
U.K. businesses experienced a median annual loss of over £19,000 due to cyber-related incidents. U.K. organisations with over 1,000 employees experienced the highest costs due to cyberattacks with a median cost of £71,692.50 over the last 12 months.
Within this bleak business outlook, some sectors stand as more vulnerable than others. For instance, the property sector is the most at risk for cyberattacks.
The report drew on a representative sample of more than 5,000 companies across eight countries by size and sector, to reflect the direct experience of businesses against the ever-evolving cyber-threat.
The outcome is:
Ranking | UK business sector | Hiscox Cyber Risk Score |
1 | Property | 51 |
2 | Pharma and healthcare | 49 |
3 | Travel and leisure | 48 |
=4 | Professional services | 45 |
=4 | Food and drink | 45 |
5 | Construction | 44 |
=6 | Government / non-profit | 41 |
=6 | Manufacturing | 41 |
=6 | Retail and wholesale | 41 |
7 | Energy | 40 |
8 | Financial services | 38 |
9 | Business services | 37 |
10 | Transport and distribution | 35 |
11 | Technology, media and telecommunications | 31 |
With the table above, the scores range from 7-70, with 7 being the lowest risk and 70 being the highest. The risk score assigned was based on how optimistic business leaders are about their ability to deal with future cyberattacks. This took into account several factors, including the number and cost of cyber events faced by surveyed firms within each of the sectors.
The research suggests that the property, pharma and healthcare, and travel and leisure sectors were the top three industries most at risk in the UK. While property made a significant increase with a risk score of 38 last year, and 51 this year, the pharma and healthcare sector also had a higher risk score this year of 49, whereas last year it stood at 39. Business services made the best improvements to their overall risk scores with 37 this year, down from 42 last year. Retail and wholesale, financial services, and technology, media and telecommunication also all improved their scores over the last 12 months. Overall risk scores for organisations with 1-9 employees have increased from last year with an increased risk score of 9 points. In contrast, the risk score for organisations with over 1,000 employees has decreased slightly from 38 last year to 36 this year. This shows an improved ability to deal with potential cyberattacks among organisations of this size.