Businesses Unprepared for Cyberattacks Despite Steady Concern

October 16, 2023

Cyber risks remain a top concern for business leaders, according to the annual Travelers Risk Index.

The top concerns among 1,206 survey participants are, in order, medical cost inflation (60%), broad economic uncertainty (59%) and cyber risks (58%). Travelers reported that this marked the ninth straight year that cyber threats were one of the top three concerns.

More than half of respondents believe their businesses will inevitably be victims of cyberattacks. And while 90% of respondents expressed confidence that their company had implemented best cyber practices, at least 25% of businesses have not taken what Travelers calls “essential steps,” such as installing firewall or virus protection and implementing data backup and password updates.

“Cyber risks have extremely serious consequences — one attack can weaken an organization or potentially put it out of business,” said Tim Francis, enterprise cyber lead at Travelers. “Fortunately, there are effective measures that companies can take to address vulnerabilities and successfully manage through a cyber event.”

Travelers reported that 64% of survey participants said they don’t use endpoint detection and response. More than half don’t conduct cyber assessments for vendors or customers’ assets, and only 50% have an incident response plan. Forty-four percent do not utilize multifactor authentication for remote access.

Based on their responses, small businesses appear even less prepared, despite Travelers sharing that the “likelihood of a cyber event happening is not based on the size of a company. Many times, bad actors target existing vulnerabilities, meaning small businesses could be even more at risk.”

The index also found that security breaches remain the most frequently cited cyber event, followed by system glitches causing an organization’s computers to go down and employees putting information systems at risk. Theft or loss of control of customer or client records and a company being the target of cyber extortion or ransomware rounded out the list of common cyber events.

“While the business community has come a long way in preparing for and responding to a cyberattack, the survey results show that more can still be done,” Francis added. “A well-designed, multi-layered cybersecurity program can help mitigate the threat of a cyber event, and we encourage organizations to work closely with their independent insurance agent as we all navigate an evolving cyber landscape.”

Travelers found that 66% of small businesses do not have cyber insurance. Meanwhile, 26% of mid-size businesses and 28% of large businesses were found not to have cyber insurance.