Over a Third of TMT Firms Hit by Security Breach in 2020

Over a third of technology and media companies in the UK suffered a serious cyber-incident last year, according to new data from insurer Hiscox.

The firm claimed that 34% of firms in the technology, media and telecoms (TMT) sector were caught out by a cyber-incident or breach in 2020, leading to a median loss of nearly $40,000.

Phishing accounted for the majority (53%) of incidents, followed by web-based attacks (42%) such as those exploiting web app vulnerabilities.

Nearly a quarter (23%) suffered a ransomware attack where they were able to recover data from backup.

The Hiscox Cyber Readiness Report 2020 ranked the global TMT sector as one of the most frequently targeted by attackers, alongside financial services. It said 44% of firms in each vertical were hit by at least one incident or breach in the previous year.

TMT also ranked as one of the best prepared industries in terms of “cyber-readiness,” although the report clarified that “firms are often forced into becoming experts when they are heavily targeted industries.”

That chimes with the latest UK findings, which revealed that 67% of respondents in TMT are confident in their cyber-readiness, and 85% have a dedicated team or leader in cybersecurity.

“Research shows that the UK tech sector is far from exempt when it comes to major cybersecurity threats – proving that even for those sectors most equipped to deal with threats, vulnerabilities should never be overlooked,” said Stephen Ridley, Hiscox UK cyber-underwriting manager.

“The industry is, however, following best practice and building resilience through spending priorities and dedicated cyber-roles. The findings are a reminder that firms should always look to shift cyber-strategies and improve resilience capabilities.”

In fact, the UK’s TMT firms added £1m on average to their cybersecurity budgets in 2019 versus the previous year, the insurer claimed.

Security spending priorities over the coming year include endpoint malware detection, compliance, supply chain security, customer-facing services/applications and existing vulnerabilities.