Almost half of surveyed UK businesses experienced some form of cyberattack last year, providing a timely reminder of the threats posed by cyber criminals.

A staggering 42 percent of UK firms do not have a dedicated cyber security role, according to the Hiscox report.

Also, only 28 percent of UK businesses said reviewing cyber policies and procedures was a top spending priority for the next 12 months.

The food and drink sector was the UK’s most cyber-ready, receiving the lowest risk score.

Conversely the travel and leisure sector was the UK’s least cyber-ready, receiving the highest risk score.


Other cyber superstars 

The energy sector has fared well this year. Having had the highest risk score for the last two years, it appears to have addressed some cyber security issues, moving to the bottom third of the table.

The transport and distribution industry was also an industry scoring well in terms of being cyber ready, with 65 percent of surveyed businesses having cyber insurance.

This sector proved to be one of the most vigilant, with almost four out of five businesses (79%) having a dedicated cyber security role.

The transport and distribution industry also saw almost half of businesses (48%) prioritising the review of internal cybersecurity policies and procedures over the next 12 months.

Technology, Media and Telecommunications (TMT) was the second most cyber ready sector, with food and drink narrowly taking the lead. The TMT industry spent the most on cyber security, with 26 percent of businesses investing more of their IT budget to tackle the issue.

This industry also scored highest in terms of cyberattack detection, with almost two thirds (62%) prioritising spending on spotting unauthorised personnel, connections and software.


What causes the risk?

Possible explanations for these rankings include: changes in behaviour precipitated by multiple lockdowns, increased online purchases, work from home mandates and international travel bans.

Almost half of surveyed UK businesses across all sectors (44%) reported having had one or more cyberattack in the last 12 months, with a median annual loss of £21,097 per company due to cyber incidents.

Larger businesses were subject to the most attacks; 63 percent of UK businesses with more than 1000 employees experienced a cyber incident of some kind. These same firms suffered the most severe financial losses as a result, with companies reporting median financial costs of £50,000 – more than double the UK average.

Gareth Wharton, Hiscox UK Cyber CEO, commented: “The last year has presented significant cyber security risks for UK businesses, with essential industries being subject to the highest risks, according to our threat ranking table. We know that this threat isn’t limited to particular countries, and while it’s evident that UK businesses are continuously investing in cyber defences, it’s important that increased investment continues to prevent grave financial losses.”






Editor at HRreview

Amelia Brand is the Editor for HRreview. With a master’s degree in Legal and Political Theory, her particular interests within HR include employment law, DE&I, wellbeing within the workplace. Prior to working with HRreview, Amelia was Sub-Editor of a magazine, and Editor of the Environmental Justice Project at the University College London, writing and overseeing articles into UCL’s weekly newsletter. Her previous academic work has focused on philosophy, politics and law, with a special focus on how artificial intelligence will feature in the future.