Hiscox Cyber Readiness Report 2024 Reveals Irish Businesses experienced average of 58 Cyber Attacks in last 12 month.
- 74% of organisations report an increase in cyber attacks over the past year
- 76% consider cyber resilience crucial to their overall business strategy
- 65% believe reputational damage from a cyber attack would significantly harm their business
- More than 1-in-10 reported financial cost of attacks between €1m & €10m
The annual Hiscox Cyber Readiness Report 2024 has unveiled a troubling trend among Irish businesses, with almost three-quarters (74%) reporting an increase in cyber attacks over the past year (2023: 71%, 2022: 50%).
With attacks on the rise, Hiscox’s research says business reputation and brand trust are becoming increasingly at risk. Almost half (47%) of businesses have suffered reputational damage due to the loss of sensitive information following a cyber attack, while among those businesses impacted, 47% reported considerable challenges in attracting new customers, compared to 20% the previous year.
These attacks are coming at an increasing rate, with Irish businesses reporting an average of 58 cyber attacks per year - more than one a week.
Lorraine Rowland, Senior Claims Underwriter at Hiscox Ireland, commented:
“The Hiscox Cyber Readiness Report serves as an essential resource for understanding the current state of cybersecurity preparedness among businesses and offers guidance on best practices to combat evolving threats. As organisations navigate an increasingly complex digital landscape, prioritising cybersecurity remains critical.
“Organisations are experiencing an increased number of cyber attacks year-on-year with Irish businesses experiencing one cyber attack a week, on average. Successful attacks are not only affecting businesses’ operational efficiency; the damage to brand reputation can have a substantial and long-term effect. We have seen first-hand how organisations in Ireland can be targeted by a cyber attack and without an effective response they could suffer days and possibly weeks of business interruption which in turn can damage relationships with customers and suppliers.
“Cyber threats are no longer an ‘if’ - they’re a ‘when’ - so having a resilient cyber security framework is a necessity to reduce the risk of a damaging attack and to have an effective plan in place if the worst occurs.”
The adoption of new technology is also contributing to the rise in cyber attacks. As businesses start to introduce new technologies at a rapid pace, the vulnerabilities they face also increase. 70% of the businesses surveyed said they have already integrated Generative AI (GenAI) into their daily business activities, with over half (56%) believing it will significantly impact their cyber security risk profile. Despite this, many businesses are underprepared: 34% admit that their cyber security measures are compromised due to a lack of expertise in managing the risks associated with emerging technologies.
The report, now in its eighth year, surveyed over 200 companies in Ireland as part of a broader study involving 5,005 professionals across eight countries. It highlights that cyber resilience is increasingly viewed as a vital component of overall business strategy, with 76% of respondents indicating its importance. Moreover, 52% reported improvements in their cyber resilience over the past year.
Key findings from the report include:
- Emerging Risks: A significant 61% of leaders anticipate that technologies like virtual reality and the Internet of Things (IoT) will elevate their cybersecurity risks.
- Financial Consequences: Over half (56%) of respondents experienced financial losses due to Payment Diversion Fraud, with 52% reporting total costs below €100,000, while 11% reported the total financial cost ranges between €1m and €10m.
- Dedicated Cybersecurity Resources: 74% of organisations have appointed dedicated personnel or teams responsible for cybersecurity, demonstrating a proactive approach to risk management.
When assessing risk exposure, loss of unencrypted data was identified as the top threat by Irish business leaders. Insider threats and virus outbreaks closely followed. Among those who perceive their risk exposure as high or very high, 68% noted an increase in risk over the past year, attributing this rise primarily to increased use of personal devices for work and a greater number of our employees working remotely
Eddie Lamb, Chief Information and Security Officer at Hiscox, added: “In today’s business environment, protecting the reputation of any business is just as critical as safeguarding the physical assets. Businesses will spend not only years but also thousands if not millions of pounds building their reputation, only to see it destroyed in minutes following a cyber attack. It is vital that businesses continue to foster an environment where cyber education is a continuous process, ensuring every member of the organisation understands the critical role they play in maintaining cyber security.”
What is the Cyber Readiness Report 2024
Hiscox, in partnership with Man Bites Dog, conducted an opinion research study among 2,150 professionals responsible for their company’s cyber security strategy. This included 400 interviewees from the USA and 250 from each of the following countries: the UK, Ireland, France, Germany, Spain, Belgium and the Netherlands. The interviews were conducted between 12 August and 2 September 2024.
This report includes comparisons to previous years’ studies, mainly the 2023 Cyber Readiness Report. The 2023 sample of 5,005 professionals included over 900 each from the USA, the UK, France and Germany; over 400 from Spain; and 200-plus from Belgium, the Netherlands and Ireland.
The 2024 Cyber Readiness Report is based on a more specialised research sample consisting of business leaders and IT decision-makers. Respondents also included a larger proportion of large organisations (1,000+ employees) than in previous years. Hiscox Cyber Readiness Report was first launched in 2016.
An in-depth evaluation: The Maturity Model
The Maturity Model offers insurance brokers a robust review of a company’s cyber risk profile.
It allows company’s and brokers to assess and gauge the firms’ strengths in six key cyber security areas, using an in-depth question set.
The result is a gold standard, value-added service, allowing companies to see where they have gaps in their cyber security operations across three key functions – people, process and technology.
