Serious cyber-attacks increase 25% year on year and now average a cost of over $3m
Leading global intelligence and cyber security consultancy S-RM has today launched its 2022 Cyber Security Insights Report, which examines the specific cyber security challenges faced by C-suite leaders and senior IT decision makers across the globe.
Drawing on data from 600 C-suite and IT budget holders from organisations with a revenue over $500m, the report found that 75% of senior IT leaders report having experienced a serious cyber-attack in the past three years, up from just 60% of respondents in 2021 – a 25% increase overall. US businesses were slightly more likely to experience a serious cyber-attack (77%) compared to their UK peers (73%), though both markets saw an increase in attacks in 2022.
Incident type experienced | 2021 | 2022 |
Data exfiltration | 37% | 46% |
Ransomware/extortion | 30% | 40% |
Hacktivism/web/social defacement | 32% | 39% |
Denial of Service/Sabotage | 28% | 39% |
Fraud | 29% | 38% |
Cryptojacking | 27% | 33% |
Data source: S-RM Cyber Security Insights Report 2022
Jamie Smith, board director at S-RM, said: “Our latest report shows the sheer scale of serious cyber-attacks on businesses in the UK and the US, with three in four businesses affected in the last three years. This is a growing problem and one with serious ramifications for affected organisations. Instances of data theft, ransomware, fraud, cryptojacking, and other attacks all increased this year, causing significant financial damage.”
The report also examined the damage caused by these attacks, which averaged nearly $3.4m (£3m). Respondents reported an average direct loss from a serious cyber incident of $1.5m (£1.3m), a significant figure that doesn’t take into account an incident’s long-term fallout, which can cause businesses further financial damage. Indirect losses, such as reputation damage or ransoms paid by an insurer, were actually often more costly than the initial incident itself, averaging $1.87m (£1.5m). These indirect costs were slightly higher amongst UK IT leaders ($1.95m / £1.7m) than US senior IT leaders ($1.79m / £1.56m).
The most common impacts of cyber incidents across this period were the result of operational downtime (reported by 40% of respondents), increased insurance premiums (36%), reputational damage (34%), and legal costs (34%).
Jamie Smith, board director at S-RM, added: “Often businesses will focus on the direct financial impact of a cyber incident, but the indirect impact can be even higher and far more difficult for them to accurately quantify. This is part of the reason why an effective incident response plan and relevant training is so important. The right plan can minimise the secondary impact of attacks, help to limit reputational damage, aid recovery, and minimise costly downtime.
“As the cyber threat continues to grow, investment in the right planning and expertise will become an even more crucial risk management necessity.”
Indirect costs of cyber incidents | Percentage of respondents reporting these effects |
Operational downtime | 40% |
Increased insurance premiums | 36% |
Reputational damage | 34% |
Legal costs | 34% |
Regulatory investigation | 33% |
Ransom payments | 32% |
Recovery/response costs | 32% |
Regulatory penalty | 28% |
Lost business | 25% |
Data source: S-RM Cyber Security Insights Report 2022
Further detail on the full report can be accessed on the S-RM website, here: https://www.s-rminform.com/cyber-security-insights-report