The median cost of a cyberattack costs $18,000 for a U.S. business, up from $10,000 the previous year, according to a cyber readiness study by the insurance firm Hiscox. (U.S. Army)

Cyber threats are viewed as the dominant risk to the business in 7 out of 8 countries surveyed in a recently released study, with the median cost of a cyberattack on a U.S.-based business costing $18,000, up from $10,000 the previous year. 

The Bermuda-based insurance firm Hiscox commissioned Forrester Consulting to survey more than 5,000 security professionals in the U.S., U.K., Belgium, France, Germany, the Netherlands, Spain and Ireland for its Cyber Readiness Report 2022. The survey was conducted between Nov. 30, 2021, and Jan. 21, 2022. The median cost of a cyberattack for all surveyed countries was just under $17,000, an increase of 30% from the year before.

Cyberattacks were the biggest concern of the 900 firms surveyed in the U.S. at 46%, outpacing the pandemic (43%) or skills shortage (38%). Nearly half of businesses in the U.S. (47%) suffered a cyberattack in the last 12 months, an increase of 7% from the previous year, while the most common entry point for all surveyed countries was a corporate server in the cloud (41%), followed closely by business email (40%).

Despite leading the other seven countries in cyber maturity, scoring 3.05 compared with an average of 2.94, 84% of companies based in the U.S. that experienced a ransomware attack paid to recover data. The number of U.S. firms with standalone cyber insurance remained steady at 34%.

“Despite 61% of survey respondents now being back in the office, businesses are still experiencing a hangover from the pandemic,” said Alannah Paul, cyber product head for Hiscox in the U.S., said in a press release. “Remote working provided a year-long Christmas for cybercriminals, and we can see the results of their cyber-feast in the increased frequency and cost of attacks. As we move into a new era of hybrid working, we all have an increased responsibility to continue learning, and managing our own cybersecurity.”