
The Hiscox Cyber Readiness Report 2024


67% of companies reported a cyber attack in the past 12 months

Our eighth annual Hiscox Cyber Readiness Report highlights the increasing frequency and complexity of cyber attacks, their effect on brand trust, and the double-edged sword of disruptive technologies.

The proportion of companies facing attacks has increased for the fourth straight year. Our findings align with the World Economic Forum's Global Cybersecurity Outlook 2024, which underscores the growing prevalence of cyber attacks globally.

The 2024 Hiscox Cyber Readiness Report highlights the critical impact of attacks on brand reputation, with compromised data leading to loss of customer trust and business.

Rapid technological advancement means increasingly sophisticated cyber attacks, leaving many firms vulnerable.

As emerging technologies outpace traditional security measures, many firms are struggling to invest adequately in the right talent, tools and strategies to protect against new threats.

Despite the frequency of attacks, there are signs of improvement.

In 2023, we showed how businesses were navigating more attacks by increasing cyber security spending. One year later, cyber attacks continue to rise in both frequency and sophistication amid remote working trends and rapid advancements in generative AI and cloud computing.

Further investment in employee awareness and cyber security reflects a growing understanding in the business community that cyber resilience is not just a protective measure but a critical component of long-term success.

The Hiscox Cyber Readiness Report 2024 provides an overview of the state of commercial cyber security across eight markets: the UK, the US, Spain, the Netherlands, Germany, France, Belgium, and Ireland.

International data reveals a fourth straight rise in cyber attacks

The results of our 2024 report arrive as businesses adapt to rapid technological advancements and continuing economic uncertainty.

Our research paints a mixed picture of the eight international markets we cover. It shows:

  • The majority of businesses have faced cyber attacks. The proportion has risen for the fourth consecutive year from 53% to 67%.
  • Businesses are facing more cyber attacks. 66% of international businesses surveyed reported an increase in cyber attacks in the last 12 months. 17% experienced more than 50 attacks.
  • Big losses are common. 13% of attack victims estimate a financial loss between $100,000 and $499,000. 
  • Businesses are vulnerable to cyber attacks. One-third of business leaders (34%) feel their organisation is not adequately prepared to handle attacks.
  • Fraud remains the largest cyber threat. 40% of international businesses now consider fraud a high risk for their organisation, an increase of 6% compared to 2023. 
  • New technologies are proving disruptive. 70% of firms have already integrated generative AI (GenAI) into their operations. 56% of leaders believe GenAI will have a significant impact on their cyber security risk profile.
  • Reputations are at risk. 47% of organisations that experienced a cyber attack report greater difficulty in attracting new customers, and 43% report losing customers.
  • Employee awareness is considered key. Two-thirds of leaders (65%) say their organisation has invested in additional cyber security training for remote employees to mitigate the risk of cyber attacks. 

UK businesses are among the most likely to face cyber attacks

When focusing specifically on the UK, our data reveals some critical trends. In our 2023 report, UK businesses were among the least likely to face cyber attacks. In the 2024 report, they are now the second most likely to encounter attacks, behind only Ireland.

UK businesses also received the second-highest number of cyber attacks per organisation in the past 12 months.

More UK findings include the following:

  • 70% of business leaders saw an increase in cyber attacks in the past 12 months. This is up 10% compared to 2023.
  • Business email compromise remains the most common entry point for the second year running. Payment diversion fraud accounted for 57% of reported attacks.
  • Insider threats are the largest perceived risk. 42% of leaders identify insider threats as a significant risk to their organisation.
  • More than half of businesses feel more vulnerable due to remote working. Many UK businesses that have experienced more cyber attacks attribute this to the rise in remote work.
  • Reputations are at stake. Over one-third of business leaders (35%) identify a desire to avoid the reputational damage caused by cyber attacks as one of the main drivers behind their cyber risk management plan.

Reputations at risk: The impact of cyber attacks on brand trust

Attacks on the rise

While exposure to cyber attacks has dropped from the top perceived risk in 2022 and 2023 to third place in 2024, it remains a significant concern for business leaders.

67% of firms reported an increase in the number of cyber attacks in the past 12 months. The average number of cyber attacks per organisation rose from 63 in 2022/23 to 66 in 2023/24.

26% of business leaders say their firms lack the resources to manage cyber risks effectively.

The most common outcome of cyber attacks was financial loss due to payment diversion fraud, experienced by 58% of firms, up from 34% the previous year.

Reputations at stake

Concerns about reputational damage are high:

  • 61% of business leaders believe the reputational damage from a cyber attack would significantly damage their business.
  • 64% of leaders believe they risk losing business if they don’t handle client and partner data securely.

These concerns are justified, as evidenced by the increasing impact of cyber attacks on organisations over the past 12 months:

  • 47% of organisations had greater difficulty attracting new customers (compared to 20% the previous year).
  • 43% lost customers (compared to 21% the previous year).
  • 38% faced bad publicity, which impacted their brand reputation (compared to 25% the previous year).
  • 21% lost business partners (compared to 16% the previous year).

The human factor is a vulnerable entry point

The most common points of entry for cyber attacks were: 

  • Business email compromises (e.g., credential or server compromises).
  • Corporate servers on the cloud (e.g., exploited vulnerability on a web server).
  • Employees (e.g., via a form of social engineering).

Additionally, 44% of firms cited increased risk through employees using personal devices for work.

Disruptive technology: A double-edged sword for cyber security

Dangers of disruption

The corporate technology landscape is rapidly evolving.

67% of business leaders are prioritising investment in cutting-edge technology. However, many underestimate the associated cyber security risks.

Generative AI (GenAI) now has the highest adoption rate (70%) among the technologies surveyed, surpassing cloud computing (56%), the Internet of Things (53%), virtual desktops (47%), and blockchain/cryptocurrency (46%).

Despite this, many organisations are not fully aware of the associated risks.

  • 56% of leaders believe GenAI significantly impacts their cyber security risk profile.
  • 32% of firms admit they are lagging in adopting necessary cyber security measures.

Cyber skills gaps

The cyber skills gap remains a significant challenge in addressing these risks:

  • 52% of firms report a critical shortage of skilled cybersecurity professionals.
  • 34% of firms admit their cyber security measures are compromised due to a lack of expertise in managing emerging tech risks.

Turning risk into opportunity

While advanced technologies may increase cyber risks, they also offer powerful tools for organisations’ defences.

GenAI systems can quickly create detailed reports on threat levels and vulnerabilities, enabling organisations to make more informed decisions about their cyber security investments and strategies.

Almost two-thirds (64%) of business leaders believe that GenAI will be pivotal in shaping their cyber security approach by 2030.

Cyber resilience: A pillar of long-term business success

Resilience is a worry

Three-quarters of firms consider cyber resilience very important to their overall business strategy, with 44% rating it as extremely important.

However, organisational readiness lags:

  • 40% of leaders classify their cyber resilience maturity as ‘basic’ or ‘ad-hoc’.
  • 34% feel their organisation is not adequately prepared to handle cyber attacks.

This disparity highlights the need for organisations to turn their awareness into action and improve readiness.

Expanding employee awareness

The human factor remains a critical vulnerability in cyber security:

  • 46% of organisations that experienced a cyber attack in the past year report that an employee was the first point of entry.

As a result, firms are taking steps to mitigate risks:

  • 65% of leaders have invested in additional cyber security training for remote employees.
  • 72% of firms have a dedicated leader responsible for cybersecurity. This percentage rises to 97% in companies with over 1,000 employees.

Investing in cyber security

Financial commitment varies between different organisation sizes: 

  • In 2023, 81% of firms allocated up to 10% of their annual revenue to their overall IT budget, with an average of 11% spent on cyber security.

Interestingly, smaller firms allocate a larger proportion of their budget to cyber security: 

  • Three-quarters of companies with 1-10 employees spend 11-20% of their IT budget on cyber security.

The value of learning lessons

The 2024 Hiscox Cyber Readiness Report offers mixed results.

On the one hand, more businesses are encountering increasingly sophisticated cyber attacks because of advanced technologies. On the other hand, cyber security spend continues to grow. With the right investment, those same technologies can be leveraged to bolster resilience.

Whatever your sector and business size, our research aims to illuminate potential areas for attention. It could help your company pinpoint specific risks and protect against complacency.

“In today’s business environment, protecting your reputation is just as critical as safeguarding your physical assets—and that’s where insurance plays a key role. Comprehensive cyber insurance ensures a swift recovery from breaches and empowers businesses to innovate with confidence, knowing that they’re not shouldering all the potential risks themselves. This makes insurance not only an important safety net but also a powerful enabler of business growth.”

Eddie Lamb, Chief Information and Security Officer (CISO), Hiscox
