Each year, the Hiscox Cyber Readiness Report gathers data from thousands of businesses across the United States and Europe to gauge the general level of cyber defense and share best practices. The 2018 report is timely, as it comes on the heels of a major attack on the genealogy site MyHeritage. According to the company, the hackers hit the jackpot, accessing personal information for more than 92 million people. “Cyber security poses a challenge unlike any other,” said Hiscox’s Cyber CEO, Gareth Wharton, in the report. “Businesses large and small, both public and private, face an enemy that is unseen and largely unknown, has seemingly shape-shifting powers and appears utterly unrelenting. Each year brings a renewal of the contest but in a subtly different form.” One of the starkest figures from the report is that nearly 75% of organizations lack a sufficient cyber strategy. These businesses operate without the oversight, resources, processes, and technology to effectively combat cyber attacks. This level of inadequacy is interesting, because of these same companies, 66% rank cyber threats as the top risk to their business. The report shows that larger companies tend to be more prepared, given their larger budgets and better access to resources. On the flipside, organizations with less than 250 employees are the most vulnerable to attack. Less than 8% were ranked by Hiscox as being comprehensively prepared. Regardless of size, the businesses that are most ready to face cyber threats are those that learn from their mistakes, implement training, monitor their defenses, and have a solid strategy. Of the 4,103 organizations that participated in the Hiscox report, 45% said they were hit by cyber criminals in the past year. And of those who were targeted, two-thirds said that they suffered from multiple attacks. Among the worst was the WannaCry ransomware attack, which infiltrated about 300,000 computers around the world. The costs from this attack have been estimated at $4 billion. Of the attacks experienced by businesses in the Hiscox report, the most severe cost $25 million. But when all the attacks on businesses in the past year were aggregated, the average was about $230,000. Of course, that figure takes into account the businesses in several countries. When it’s narrowed down to just to attacks on businesses in the United States, the average skyrockets up to $1.05 million. Given the high risks that U.S. businesses face, it’s no wonder that the report revealed they’re doing more to shore up their cyber defenses than their European contemporaries. Many are increasing their cyber budgets, with 45% of U.S. businesses developing a formal cyber security strategy and 67% consistently using antivirus or antispyware products. This type of diligence is certainly necessary to thrive amidst the threats of cyber security. If one thing shone through most in the Hiscox Cyber Readiness Report, it’s that criminals are constantly evolving their methods and improving their technology, so business owners must do the same if they want to avoid a catastrophe.