A new report by The Travelers Companies has revealed that more businesses – regardless of their size – are beginning to realize the dangers posed by cyber risks.
For the first time since Travelers started publishing its Risk Index series in 2014, the 2019 Travelers Risk Index found that cyber risks are the top concern among businesses of all sizes. Of the 1,200 business leaders participating in the survey, 55% said that they worry “some” or a “great deal” about cyberattacks.
Cyber risks finished ahead of other typical business risks, such as medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%).
Travelers also found that as concerns over cyber threats have grown, a higher percentage of businesses across every industry said they have taken proactive measures to protect themselves from cyberattacks, compared to previous years:
51% of participants said they purchased a cyber insurance policy, up from 39% last year.
47% said they are creating a business continuity plan in the event of a cyberattack, from 38% last year.
49% said they are taking a cyber risk assessment for themselves, compared to 45% last year. 41% also said they put their vendors through cyber risk assessments, versus 37% in 2018.
74% said they have been updating their computer passwords, compared to 71% last year.
While the index reveals a considerable improvement in cyber best practices adoption, a considerable percentage of businesses still have no plan in place – or insurance.
“The Travelers Risk Index shows that more businesses are taking steps to prevent a cyber event, but it’s still alarming that nearly half don’t have the proper insurance coverage,” commented Travelers enterprise cyber lead Tim Francis.
Francis offered a reminder that it takes only one cyberattack to potentially put a company out of business; taking the threat seriously and creating a risk management program can help a company – not just to avoid a cyberattack, but to recover from one as well.
Other findings of the report include:
Since 2015, the percentage of small businesses which have suffered a cyberattack has tripled, from 4% to 12%. Medium-sized (10% in 2015 to 20% this year) and large businesses (19% to 33%) have also seen increases of their own.
The biggest cyber-specific worry among businesses is a tie between suffering a data breach and a third party gaining unauthorized access to bank accounts. The two are followed by extortion/ransomware attack and social engineering scams.
One in four surveyed participants did not believe their business would suffer a cyberattack, and thus did not purchase cyber insurance.
31% said their top reason for not purchasing cyber insurance was due to its cost.
Three-fourths of the participants agreed that having the proper cyber prevention tools in necessary to the well-being of their business.
80% admitted that it is difficult to keep up with the evolving cyber landscape.
36% maintained that today’s business environment was “more risky”