In this nationwide survey, 58% of the respondents expressed worry to some extent about cyber threats, placing it just below concerns about medical cost inflation (60%) and broader economic uncertainty (59%).
However, despite their confidence in having implemented best cyber practices, the survey revealed that at least 25% of businesses have not taken critical steps, such as installing firewalls or virus protection and implementing data backup and password updates.
Furthermore, a substantial proportion stated they do not use endpoint detection and response (64%), conduct cyber assessments for vendors (57%) or customers’ assets (56%), possess an incident response plan (50%), or employ multi-factor authentication for remote access (44%).
Approximately one-quarter of the participants (23%) disclosed that their company had experienced a cyberattack, with nearly half of those incidents (49%) occurring within the last 12 months.
Phishing emails, where cybercriminals deceive an employee into transferring company funds to a fraudulent account, have been on the rise. The percentage of respondents from large companies reporting phishing scams nearly doubled in the past year, from 14% to 27%. Security breaches, involving unauthorized access to a company’s computer system, remained the most common event across companies of all sizes, accounting for almost one-third (32%) of attacks.
Ransomware was ranked ninth among specific cyber-related business concerns, despite being a prominent cause of cyber-related claims in the industry.
Among medium-sized businesses, 74% stated they have a cyber policy, up from 67% in 2022. Large companies remained at 72%, the same percentage as the previous year, while small businesses (34%) were still the least likely to have cyber insurance coverage. Overall, 60% affirmed their company has cyber insurance, a significant increase from 39% five years ago.
Awareness of cyber-specific risks continues to rise, with 81% of respondents believing that having proper cybersecurity controls in place is crucial to their company’s well-being, up from 78% last year and 69% in 2018.
“Cyber risks have extremely serious consequences – one attack can weaken an organization or potentially put it out of business. Fortunately, there are effective measures that companies can take to address vulnerabilities and successfully manage through a cyber event,” Travelers enterprise cyber lead Tim Francis said.
“While the business community has come a long way in preparing for and responding to a cyberattack, the survey results show that more can still be done,” Francis added. “A well-designed, multi-layered cybersecurity program can help mitigate the threat of a cyber event, and we encourage organizations to work closely with their independent insurance agent as we all navigate an evolving cyber landscape,” Francis said.
What are your thoughts on this story? Please feel free to share your comments below.