Nearly three-quarters of businesses experienced at least one hacking incident in the last year: study

Almost 70% of businesses experienced at least one hacking incident in the last year, according to a study of business risk managers released on Wednesday by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re. Yet, more than half (55%) don’t believe their company is dedicating enough money or trained and experienced personnel to combat the latest hacking techniques.

“Hackers have evolved and so have their methods of attack,” said Eric Cernak, cyber practice leader for Munich Re, in a press release. “Businesses are on high alert, but they can do a lot better. Simply reacting to new threats is not enough. Businesses of all sizes need to anticipate hacking trends and deploy the resources necessary to protect their private or sensitive information.” [click image below to enlarge]

The 2015 Cyber Poll from HSB – an engineering and technical risk insurer providing equipment breakdown insurance products, other specialty coverages, and related inspection services and engineering consulting – was conducted on-site at the Risk and Insurance Management Society (RIMS) Conference in New Orleans, La. on April 27.

The poll is intended to represent the sentiments of 102 risk manager attendees who participated through in-person interviews, and represented small (1-99 employees), mid- (100-999 employees) and large-sized (1,000+ employees) businesses in the following industries: manufacturing/industrial; retail; financial services; government/military; medical/healthcare; and education. Of the risk managers polled by HSB, 63% represented large enterprises, followed by 30 percent at mid-sized organizations and seven percent at small businesses. [click image below to enlarge]

The survey revealed a “notable exposure and concern” with the use of cloud technology, the press release said, with loss of confidentiality of information viewed as the biggest risk (76%), followed by service interruption (16%) and government intrusion (5%). Concerns about the type of information being breached ranged from personally identifiable information (53%) to sensitive corporate information, such as business and M&A plans (33%), to financial information banking credentials (14%).

When asked about the type of risk management services they would be most interested in deploying to combat cyber risk, risk managers pointed to intrusion detection/penetration testing (32%), employee education programs (25%) and encryption (25%).

For additional protection, 46% said that their business has either purchased cyber insurance for the first time or increased its level of coverage in the last year. More than one-third (36%) of businesses do not have any level of cyber insurance coverage.