Over Two Thirds of U.S. Businesses Suffered an Increase in Cyber Attacks, Reveals Annual Hiscox Cyber Readiness Report

69% of U.S. businesses reported an increase in cyber attacks in just one year

Atlanta, GA – January 13, 2025 – Hiscox, the specialist global insurer, has released its annual Cyber Readiness Report, revealing that 7 in 10 (69%) U.S. companies report an increase in cyber attacks compared to the previous year. The report underscores that cyber threats now pose a greater risk to organizations than bankruptcy, according to the survey.

This comprehensive report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed 2,150 cyber security professionals responsible for protecting their organizations across eight countries, including 400 participants from the United States.

Key U.S.–specific insights include:

  • The Odds are Against U.S. Businesses: U.S. business leaders consider cyber attacks and data breaches (32%) to be a bigger threat to their organizations than skills shortages (30%) and bankruptcy (27%).
  • Attacks are as Regular as Weekly Leadership Emails: With an average of 62 cyber incidents per business each year – or over one attack or attempt per week – U.S. companies are facing threats as often as many receive company-wide communications from leadership or weekly newsletters.
  • Cyber Resilience is of Strategic Importance: Suffering from ransomware (32%) or virus outbreaks (37%) proves to be the most common cyber attack outcome for businesses, with 56% also reporting financial losses due to payment diversion fraud and 36% citing loss of encrypted data. As a result, 72% of U.S. companies recognize the importance of cyber resilience as integral to their business strategy.
  • Paying Up Rarely Pays Off: Paying a ransom offers no assurance of full data recovery; in fact, only 7% of businesses who paid a ransom successfully retrieved all their data, and 10% experienced data leaks despite payment. After an attack, reputational challenges loom, with 43% of businesses struggling to attract new clients due to the damage caused.

Three ways for U.S. businesses to reduce their cyber risk

  1. Train employees on cyber risks: Phishing emails appear to still be the primary method of choice for cyber criminals, accounting for 57% of ransomware incidents. Among companies that have faced an increase in their cyber risk exposure, they credit a substantial lack of employee awareness (41%).
  2. Retire outdated technology: Failing to decommission outdated systems was identified as the primary driver of rising cyber risk (47%), with legacy systems presenting greater vulnerabilities than employee personal device usage (39%).
  3. Consistently backup your data: Businesses that opted to pay ransoms did so because 35% lacked adequate data backups and were unable to restore their data.

"By now, most of us are familiar with ‘urgent’ emails popping up in our inboxes imploring us to click on a strange link and enter our card details. But, despite phishing emails being a near everyday occurrence and our increasing familiarity with the threat, the threat is showing no sign of stopping. In fact, as we see in the survey, 69% of U.S. businesses are seeing a rise in cyber incidents,” said Mike Maletsky, Head of Technology & Cyber at Hiscox USA. “These results highlight that one of the best ways to fight back is through regular employee training. For every year that employees aren’t trained on the latest cyber risks, technology develops, and cyber criminals can take two steps ahead.”

Related Materials

The Annual Hiscox Cyber Readiness Report

About the Study

Hiscox, in partnership with Man Bites Dog, conducted an opinion research study among 2,150 professionals responsible for their company’s cyber security strategy. This included 400 interviewees from the USA and 250 from each of the following countries: the UK, the Republic of Ireland, France, Germany, Spain, Belgium and the Netherlands. The interviews were conducted between August 12 and September 2, 2024.

This report includes comparisons to previous years’ studies, mainly the 2023 Cyber Readiness Report. The 2023 sample of 5,005 professionals included over 900 each from the USA, the UK, France and Germany; over 400 from Spain; and 200-plus from Belgium, the Netherlands and the Republic of Ireland.

The Annual Cyber Readiness Report is based on a more specialized research sample consisting of business leaders and IT decision-makers. Respondents also included a larger proportion of large organizations (1,000+ employees) than in previous years.

Hiscox Cyber Readiness Report was first launched in 2016.

About The Hiscox Group

Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle.

The Hiscox Group employs over 3,000 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the USA, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS. In the US, Hiscox small business Insurance is underwritten either by Hiscox Insurance Company Inc., a Chicago-based insurance company, or a Hiscox Syndicate at Lloyd’s, London, which is available on a surplus lines basis through licensed surplus lines brokers.

Our values define our business, with a focus on people, courage, ownership and integrity. We pride ourselves on being true to our word and our award-winning claims service is testament to that. For more information, visit www.hiscoxgroup.com.

Media Contacts

Lucy Baines
Hiscox USA
+1 646 560 9399
[email protected]