Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • 73% of firms fail cybersecurity readiness tests. — Hiscox, 2018
  • Large US businesses lose an average of $1.05 million to cybercrime each year. — Hiscox, 2018

Despite warnings of the increasing number of cyber threats plaguing the enterprise, 73% of firms face major shortcomings in terms of cybersecurity readiness, according to a new report from specialists insurer Hiscox.

That failure to prepare has major consequences: Globally, almost half of the 4,500 businesses surveyed (45%) across the US, UK, Germany, Spain, and the Netherlands reported at least one cyber attack in the past year. Of those, two-thirds suffered two or more attacks. This should further act as a warning for businesses that have not implemented strong cybersecurity practices: It’s no longer a question of if you will experience a breach, but when.

To determine a firm’s cyber readiness, Hiscox evaluated the following categories: Strategy, engagement, organizational leadership, training and evaluation, cyberinsurance, and willingness to make changes in response to a cyber incident.

SEE: Incident response policy (Tech Pro Research)

In the US alone, large businesses lose an average of $1.05 million to cybercrime annually, the report found. And that’s even considering that the US tops the list of nations studied in terms of cyber expertise, with 13% of respondents ranking as “cyber experts,” compared to 11% of global respondents.

In the US, cyber threats are ranked as a top risk among companies: Though many lack adequate defenses, two-thirds of respondents ranked the threat of a cyberattack alongside fraud as a top risk to their business. Firms are responding by spending more money on cyber protections–almost 60% of survey respondents said they believe their overall cybersecurity spending budget will increase by 5% or more this year.

It may sound simple, but employee training does work to prevent attacks, the report found: Of the organizations investing in cybersecurity efforts, 54% said that employee training helped reduce the number of cyber hacks and incidents at their company. In the US, 43% of employers reported conducting cybersecurity exercises, like phishing experiments, on their employees to better understand behavior. (For tips on how to best train your employees to be cyber secure, click here).

“As threats become more advanced and sophisticated, cyber readiness is no longer a ‘nice to have’ but a ‘must have’ for businesses of all sizes,” Dan Burke, vice president and cyber product head for Hiscox in the US, said in a press release. “There needs to be a dedicated investment, and not just a financial one, in order [to] prevent, detect and mitigate cyber attacks. Beyond the allocation of funds, an organization must focus on its people, its thinking and its processes, in order to become a cyber expert.”