The number of US businesses that experienced an attack fell this year - but the cost of each individual attack rose, according to the annual Hiscox Cyber Readiness Report 2020.
Only 41 percent of US-based respondents to the Hiscox survey said they had experienced a cyber incident in the last year, compared to 53 percent the previous year.
However, the median cost of all cyber incidents in the US rose five-fold to $50,000, meaning cyber criminals are doing more damage with fewer attacks.
Nearly one-third (32 percent) of US businesses with under 250 employees experienced at least one cyber incident or breach in the past year. Of those, only one in five (21 percent) had purchased or enhanced their cyber insurance policy for protection against such attacks.
The way cyber criminals attack also looks to be changing. This year 15 percent of victims of cyber attacks reported reputational damage as a result of the breach, compared to only 3 percent last year.
Businesses reported experiencing greater difficulty in attracting new customers following an incident or breach, with 17 percent reporting challenges, compared to 3 percent the previous year.
Overall, Hiscox found that businesses are increasing their spending on cyber defences. The report found that the US and Ireland spent the most on cyber, with US businesses increasing their average cyber security spending within their IT budgets by 61 percent to $2.4 million.
The US and France were also the most likely to pay cyber ransoms, with 18 percent of businesses in those countries that suffered a ransomware infection paying up to make the problem go away.
Among US businesses 64 percent reported having cyber insurance coverage, while 16 percent said they were planning to purchase coverage in the next twelve months. More than half (54 percent) of those with cyber insurance planned to use employee training offered by their insurance providers, in addition to their cyber policy.
Businesses have also become more responsive to cyber attacks. This year, only 3 percent of US organisations said they took no action after a cyber incident, compared to 39 percent last year.
The number of ranked cyber experts more than doubled to 24 percent this year, while cyber novices fell to 58 percent, compared to 73 percent last year. However, 48 percent of all respondents agreed their organization remains at risk of having a cyber incident.
Meghan Hannes, cyber product head for Hiscox in the US, said: "Businesses have been pushed into an unforgiving new world in 2020, and cyber criminals won't offer any form of relief. COVID-19 has created new, lucrative opportunities for cyber attacks, and businesses must evolve their cyber strategies to remain shielded."
The report surveyed 5,569 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland who are responsible for their company's cyber security, between December 24, 2019, and February 3, 2020.
Hiscox, Cyber, Meghan Hannes, Hiscox Cyber Readiness Report 2020