行业研究公司研究宏观策略财报招股书会议纪要 seedance2.0 低空经济 DeepSeek AIGC 大模型

中小企业采取行动应对当前及未来网络安全威胁

信息技术 2025-11-04 Hiscox 秋穆

核心观点与关键数据

攻击现状：59% 的中小企业在过去 12 个月内遭遇过网络攻击，其中 33% 因数据泄露面临监管罚款。受攻击企业平均遭受多次攻击，大型企业或高收入企业受影响更严重。
攻击来源：物联网设备（33%）、供应链漏洞（28%）、云服务器（27%）、AI 工具（15%）是常见攻击入口。
勒索软件：60% 的支付赎金企业部分或全部恢复数据，但 31% 遭遇二次勒索，27% 遭受再次攻击。
攻击影响：33% 的受影响企业面临足以损害财务健康的罚款，30% 业务表现下降，29% 客户通知成本增加，29% 难以吸引新客户。
应对措施：94% 的企业计划未来 12 个月增加网络安全投资，70% 更新员工培训，60% 招聘额外人员。91% 企业每季度进行至少一次漏洞检查，88% 每季度评估供应商风险。
保险覆盖：71% 的企业拥有网络保险，但 10 人以下企业保险率（65%）低于其他规模企业。
AI 影响与认知：65% 的企业负责人认为 AI 是资产，但 60% 也视其面临三大 AI 驱动威胁：社会工程攻击、AI 恶意软件和钓鱼攻击、AI 控制企业数据。22% 企业认为设施和员工是主要攻击入口。
未来计划：83% 企业在过去 12 个月提升网络弹性，未来三年将重点：确保保险覆盖 AI 风险（37%）、培训员工 AI 威胁意识（36%）、定期审计 AI 使用（36%）、招聘 AI 专长员工（33%）、聘请 AI 安全顾问（33%）。
强制披露：71% 企业支持强制披露勒索软件支付成本，但 53% 认为私营企业不应强制公开财务，49% 担心会鼓励攻击者。

研究结论

中小企业正积极应对日益严峻的网络威胁，通过增加投资、培训和招聘来提升网络弹性，但 AI 等新技术带来了新的攻击方式和挑战。
企业普遍认识到 AI 的双重作用，既可增强防御，也可能被恶意利用，需加强 AI 风险管理。
网络安全不仅是技术问题，更是人员问题，员工意识和培训至关重要。
网络保险是重要的风险转移工具，但覆盖范围和认知仍有提升空间。
关于勒索软件支付强制披露的讨论将持续，需平衡透明度与潜在风险。

current and future cybersecurity threats Contents 03Introduction04Executive summary05Key findings06State of attacks09Taking action10Cyber resilience11AI and future threats13Mandatory disclosures14Country comparisons15Cyber security tips for SMEs The Hiscox Cyber Readiness Report is based on researchconducted byWakefield Researchwith 5,750 businesses, wherethe individuals responsible for their organisation’s cyber securitystrategy were interviewed. This means the owner, principalor partner for those companies with fewer than 50 employees,and either the CIO, CISO, or the director/VP of security or ITfor those companies with 50-249 employees. Research was conducted between 29 July and 8 August 2025,using an email invitation and an online survey, and respondentscan be broken down by geography as follows: 1,000 respondentsin the USA, UK, France, Germany and Spain respectively,500 respondents in Ireland and 250 in Portugal. As research data, this represents a cross-section of insuredand uninsured businesses that may or may not have made aninsurance claim following an incident. It is not necessarilyindicative of our own claims experience or that of the widerinsurance industry. Our report also looks at the impact ofAI on small businesses, for whom it canbe both friend and foe. While AI bringsopportunities and new ways to detectand respond to threats, it also introducesnew vulnerabilities – creating blind spotentry points and exposing gaps in datasecurity that hackers can exploit in muchthe same way as they did with cyberten to 15 years ago. With AI increasinglyintegrated into daily business activities,our specialist teams at Hiscox are focusedon defining its risks, establishing cover forit, and creating the necessary knowledgeand training around it to support smallbusiness owners around the world. The rise of digital commerce hascreated tremendous opportunities forsmall businesses, empowering them toinnovate, reach new markets, and play anincreasingly vital role in the global economy.Perhaps most powerful of these recentdevelopments is artificial intelligence(AI), allowing SMEs to deploy tools andresources that would previously havebeen out of reach. Introduction But these opportunities also presentchallenges. As businesses embrace newtechnologies, they must also navigatea landscape where evolving cyber threatscan jeopardise their success in new ways.This ninth edition of the Hiscox CyberReadiness Report is designed to helpsmall- and medium-sized enterprises(SMEs) better understand the risks theyface in our fast-evolving, technologicallydriven world, and the steps they can taketo minimise their exposure to those risks.Having previously built and grown myown small business, it’s something I’mparticularly passionate about. And yet, while the cyber landscapemay be built on shifting sands, the SMEresponse to it is proactive and pragmatic.The vast majority of SMEs (94%) planto increase their cyber security and dataprotection investments over the next12 months. That includes hiring cyberspecialists, updating training programmes,conducting regular vulnerability checks,and reassessing risks across theirsupply chains. Eddie LambGlobal Head of CyberHiscox We spoke to 5,750 business across theUK, USA, France, Germany, Spain, Irelandand Portugal to understand the impactcyber attacks have on their business, andthe most common exposures they face.More than half told us they had experienceda cyber attack in the last 12 months,and a third of those said they had faced aregulatory fine as a result of a data breachthat was substantial enough to impactthe financial health of their business. At Hiscox, we’re proud to standalongside these businesses, offeringnot just insurance, but insight, expertise,and support. Our 20+ years’ experiencein privacy and cyber insurance, and ourwork with more than 80,000 cyberinsurance customers worldwide, meansthat every day we are helping businessesrecover from incidents, strengthen theirdefences, and build long-term resilience. This underscores the importance ofSMEs taking all necessary steps to protectcustomer data, in line with regulatoryrequirements such as the General DataProtection Regulation (GDPR) in Europeor the consumer protection laws enforcedin the US by the Federal TradeCommission (FTC). When it comes to cyber security andbusiness resilience, we cannot affordto rest on our laurels and consider ourwork finished. Instead, we must maintainour collective resolve to overcomecyber crime, and prioritise an ongoingcommitment to cyber risk management. Ransomware attacks remain a particularlypersistent threat for many businesses.The SMEs we spoke to lifted the lid ontheir own ransomware attack experiences,with some paying multiple times in anattempt to safeguard their sensitive databut where paying a ransom is no guaranteeof recovering your data. Three-out-of-fiveSMEs who paid a ransom said theygot some or all of their data back, butfor almost a third of those who paida ransom, the at

点击免费查看完整报告