Hiscox cyber threat ranking reveals UK's most vulnerable industries

The rankings, derived from insights gathered from nearly 1,000 British companies, provide a score from 7 to 70, with a higher score indicating a greater risk. The assessment focuses on the optimism of business leaders about handling future cyberattacks and factors in the number and cost of cyber events encountered within each sector.

The research identified the property, pharma and healthcare, and travel and leisure sectors as the top three most vulnerable industries in the UK. The property sector saw a significant risk score increase from 38 to 51 over the past year, while pharma and healthcare’s score rose from 39 to 49.

Business services exhibited the most substantial risk score improvement, dropping from 42 to 37. Additionally, the retail, financial services, and technology sectors also improved their scores over the last year.

Smaller organisations with 1-9 employees experienced an increase in overall risk scores by 9 points compared to the previous year. In contrast, larger enterprises with over 1,000 employees managed to reduce their risk score slightly from 38 to 36, signalling an improved capacity to handle potential cyberattacks.

48% of UK businesses reported at least one cyberattack in the past year. The median number of cyberattacks experienced by UK businesses increased to six within a year.

UK companies incurred a median annual loss exceeding £19,000 due to cyber-related incidents. Businesses with over 1,000 employees suffered the highest costs due to cyberattacks, with a median cost of approximately £71,692.50 over the last 12 months.

46% of UK businesses have designated personnel or teams responsible for cybersecurity, with 37% of companies regularly discussing and evaluating their security measures. These entities allocate a median spend of 19% of their total IT budget to cybersecurity.

Government and non-profit organizations had the highest number of cyberattacks, with a median of 38 incidents over the last year. This sector also suffered the most substantial financial costs due to cyberattacks, averaging almost £60,000 over 12 months. 46% of energy sector businesses and one-third of financial services companies lost customers within the past year because of cyberattacks. Additionally, 27% of enterprises in the transport and distribution sector faced difficulties in attracting new customers due to cyber threats.

The most frequent consequence of cyberattacks in the UK was the misuse of IT resources (29%), particularly pronounced in the energy sector. For medium-sized businesses with 250-999 employees, the primary outcome of cyberattacks was increased costs associated with notifying customers, affecting over 43% of such companies.

A majority 59% of UK organisations acknowledged an increased vulnerability to cyberattacks due to employees working remotely. The pharmaceutical and healthcare sector expressed the highest agreement on this matter, with 74% reporting increased vulnerability. Similarly, over 72% of large organisations with over 1,000 employees shared this concern.

Companies in the UK allocated a median of £477,950 to their overall IT budget over the past year. Entities with over 1,000 employees demonstrated the most significant spending, with a median budget of £23,897,500. The financial services sector had the highest IT budget at £7,760,070.

Alana Muir, Head of Cyber at Hiscox, highlighted the urgency of regularly reviewing cybersecurity and privacy across all industries to minimize harm to businesses and customers. She emphasised the importance of strengthening digital resilience to counter the growing threat of cyberattacks in the UK.