Cost of cybercrime per incident jumps six-fold to €50,000

23 June 2020 Consultancy.eu

The average cost of cybercrime in Europe has risen steeply to $57,000 (€50,000) per incident, according to a new analysis by Forrester Consulting and Hiscox. 

The researchers surveyed over 5,500 leaders, risk and IT experts at companies in seven European countries – Belgium, France, Germany, Ireland, Netherlands, Spain and UK – to gain insight in the state of the cybersecurity landscape and the threats and damages being faced.

It was found that, across the board, the median cost to companies that suffered cyber incidents and breaches jumped to $57,000 over the past 12 months. That represents a near six-fold increase on the previous year’s $10,000. Notably, hackers are ramping up the use of phishing, malware infections and DDoS attacks.

In general, it are the bigger companies that paid the highest price for an online presence. This should be no surprise, as they were also the most heavily targeted. More than half of all enterprises (51%) – those with 1,000-plus employees – said they had at least one cyber incident. They also reported by far the most cyber incidents (a median 100) and breaches (80). While large companies almost certainly were targeted more than the rest, they may also have been better at spotting attacks. 

Firms reporting at least one cyber event + Median cost of all incidents and breaches

“The cost and intensity of cybercrime is markedly higher. For example, the numbers that have paid a ransom following a malware infection are chilling. Nobody should doubt the scale of the problem,” said Gareth Wharton, Cyber CEO of Hiscox.

The figures suggest cyber criminals increasingly see energy and manufacturing firms as lucrative targets, on top of an industry that has been the main target for years: financial services.

IT spending

Against the backdrop of the growing cyber-threats landscape, it is not surprising that spending over the past year has surged by 39%. Average spend among the respondent firms rose to $2.1 million, up from $1.5 million the previous year. This number reflects both an increase in overall IT budgets and a 30% jump in the proportion devoted to cyber activities.

IT budget spent on cyber security, pg 5 + How cyber spending has risen

French firms are found to be the biggest spenders, lifting their cyber budgets from $2.1 million on average to $3.1 million. Spanish firms were close behind, at $2.6 million and $2.4 million respectively. The UK, historically a laggard in past studies of Forrester Consulting and Hiscox, started to catch up – with average spend on cyber of $1.5 million compared with just under $900,000 the previous year.

Meanwhile, the number of companies that purchase cyber insurance continues to rise. As it stands, 20% of the companies have such an insurance, up from 9% three years ago. Just over a quarter of firms (26%) have standalone cyber policy and a further 18% said they planned either to purchase standalone cover or add it as coverage to their existing policies.

The report further warns companies to not forget about the importance of employee behaviour. For some cases of fraud, internal employees form a larger threat than externals, and in the case of externally-induced incidents, better handling from employees could make a huge difference to the impact and cost of the incident.