Less than half of the businesses in the U.S., U.K. and Germany are prepared to deal with cyber-attacks, a new report from specialist insurer Hiscox reveals.
The Hiscox Cyber Readiness Report 2017, published Tuesday, surveyed 3,000 companies across the three countries to assess their readiness to deal with cybercrime in terms of strategy, resourcing, technology and process.
The report found 53 percent of the companies assessed were ill-prepared to deal with an attack, and just 30 percent were rated "expert" in their overall cyber readiness.
In 2016 "cybercrime cost the global economy over $450 billion, over 2 billion personal records were stolen and in the U.S. alone over 100 million Americans had their medical records stolen," said Steve Langan, chief executive at Hiscox Insurance, told CNBC.
"This is an epidemic of cybercrime, and yet 53 percent of businesses in the U.S., U.K. and Germany were just ill-prepared."
U.S. firms are most prepared in case of an attack, with 49 percent of expert-ranked companies coming from the states. Of note, larger U.S. firms were the most targeted with 72 percent being attacked in the past 12 months.
Meanwhile, German companies made up 39 percent of bottom-ranked companies .
Langan outlined four ways firms can improve their cybersecurity, including having the right strategy in place and increasing their technological defenses.
"Thirdly, more importantly and where people actually forget to do this, is to build the human firewall in your business, so train your staff to recognize those suspect emails which are getting increasingly sophisticated and very difficult to distinguish," he said.
"Fourthly, we think they should offshore their risk to insurance companies to make sure they can manage that for them."
Companies are increasingly factoring cyber-attacks into their business and IT risk assessments, according to Darren Anstee, chief security technologist at Arbor Networks, which should lead companies towards making better security investments.
"A better understanding of the impact an attack can have is driving firms toward best-practice, and our latest research shows better detection / mitigation capabilities, faster response times and improved overall effectiveness," he said in a press comment.
"That said, this is an iterative process as attackers aren't staying still. With the adoption of different technologies, such as cloud, NFV (network functions virtualization) etc., new or expanded threat surfaces emerge and have to be addressed."