The UK government and non-profit sector is at high risk of experiencing cyber incidents, according to a new threat table built from a global study on cyber readiness.
The sector saw a median loss of over £19,000 ($25,000) in the last 12 months on cyber events, having been impacted by phishing and virus infestation attempts. Out of the 15 sectors included in the analysis, government organisations and non-profits were the least likely to be able to measure the impact of a cyber incident, despite 70% of organisations having a dedicated cyber security role.
The findings are part of Hiscox’s Cyber Threat Ranking Table, which uses data from the insurer’s 2020 Hiscox Cyber Readiness Report, now in its fourth year, to rate the comparative cyber risk levels of a range of sectors, from a representative sample of 1,039 UK businesses.
Cyber protection was a key factor when it came to identifying the level of risk for the sector, with only 44% of firms in the government and non-profit sector having a cyber insurance policy. The mean budget allocated to cyber security was also 10% less than the UK average.
The professional services sector, which includes lawyers, accountants and consultants, proved to be the most cyber-ready, receiving the lowest risk score overall. Businesses in the industry reported the least amount of cyber events and were among the sectors most able to measure cyber impact.
The Cyber Threat Ranking Table also includes cyber risk based on company size. The biggest UK companies experienced the highest losses on cyber incidents, with a median cost of more than £270,000 ($353,700) in the last 12 months. Risk was also associated with a comparatively low cyber security budget and the highest record of cyber incidents.
Despite some industries receiving relatively high threat ranking scores in the UK, the overall results from this year’s Hiscox Cyber Readiness Report showed a marked improvement (in comparison to previous years) in relation to cyber security readiness with the sectors achieving ‘expert’ status nearly doubling – from 10% to 18%.
Sector risk scores (highest to lowest risk)
- Energy (45)
- Food and Drink (42)
- Business Services (41)
- Government and Non-Profit (41)
- Financial Services (39)
- Pharma and Healthcare (38)
- Travel and Leisure (38)
- Manufacturing (37)
- Retail and Wholesale (36)
- Technology, Media and Communications (36)
- Transport and Distribution (36)
- Property (35)
- Construction (33)
- Professional Services (30)
Stephen Ridley, Hiscox UK Cyber Underwriting Manager, commented: “UK businesses look to the government and the non-profit sector to deliver world-class cyber strategies and secure technologies, therefore the continued improvement of standards is always necessary. The high risk score associated with the sector highlights the need to implement stronger capabilities to detect and measure cyber threats, in order to contain sophisticated attacks and hacking events. Government organisations in particular are vulnerable to high levels of threat, and the data identifies the areas where risk mitigation needs to be stronger.”