Results show fluctuating and emerging business risks, but cyber threats remain a leading concern.
The Travelers Companies, Inc. (NYSE: TRV) has released its 2023 Travelers Risk Index results, and for the ninth straight year, cyber threats were one of the top three business concerns among the 1,200 survey participants from small-, medium- and large-sized companies.
The threat of cyberattacks for professional service leaders is all too real with the survey revealing over a quarter (28%) of professional services industry have been victims of a data breach or a cyberattack. Knowing this, it is imperative that professional service leaders implement the proper practices to mitigate cyber risks and ensure they are prepared against any potential threats. Some of the report's other key findings showcased:
- 80% of professional services agree that cyber is an ever-changing landscape and it is challenging to keep up with all the latest information.
- 49% of professional services leaders are extremely or very confident that their company has implemented the best practices to prevent or mitigate a cyber event.
- 61% of professional services companies worry a great deal or some about a security breach—someone gaining unauthorized access into their computer system.
Of those taking the national survey, 58% said they worry some or a great deal about cyber, ranking it just behind medical cost inflation (60%) and broad economic uncertainty (59%).
Tim Francis, Enterprise Cyber Lead at Travelers, said, "Cyber risks have extremely serious consequences – one attack can weaken an organization or potentially put it out of business. Fortunately, there are effective measures that companies can take to address vulnerabilities and successfully manage through a cyber event."
Respondents expressed confidence that their company had implemented best cyber practices. However, according to their responses, at least 25% of businesses have not taken essential steps, such as installing firewall or virus protection and implementing data backup and password updates. A much larger percentage say they don't use endpoint detection and response (64%), conduct cyber assessments for vendors (57%) or customers' assets (56%), have an incident response plan (50%), or utilize multifactor authentication for remote access (44%).
Cyberattacks
- Nearly one-quarter of survey participants (23%) said their company has suffered a cyberattack, with almost half of those (49%) occurring in the last 12 months.
- Phishing emails, when a cybercriminal convinces an employee to transfer company funds to a fraudulent account, have been on the rise. The percentage of survey respondents from large companies who said they've experienced a phishing scam nearly doubled in the past year, from 14% to 27%. A security breach, when someone gains unauthorized access to a company's computer system, remains the most common event among companies of all sizes, accounting for nearly one-third (32%) of attacks.
Additional highlights from the survey include:
- Ransomware ranked ninth among cyber-specific business worries, despite it being a leading cause of cyber-related claims in the industry.
- Among medium-sized businesses, 74% said they have a cyber policy, up from 67% in 2022. Large companies came in at 72%, the same percentage as a year ago, while small businesses (34%) are still the least likely to secure cyber insurance coverage. Overall, 60% said their company has cyber insurance; five years ago, it was 39%.
- Awareness of cyber-specific risks keeps increasing: 81% of respondents feel that having proper cybersecurity controls in place is critical to the well-being of their company, up from 78% last year and 69% in 2018.
"While the business community has come a long way in preparing for and responding to a cyberattack, the survey results show that more can still be done," Francis added. "A well-designed, multi-layered cybersecurity program can help mitigate the threat of a cyber event, and we encourage organizations to work closely with their independent insurance agent as we all navigate an evolving cyber landscape."
In recognition of national Cybersecurity Awareness Month, the Travelers Institute, Travelers' public policy division, will host three educational programs for the business community and broader public in October to help increase cyber preparedness. In-person programs that are part of the Travelers Institute's Cyber: Prepare, Prevent, Mitigate, Restore symposium series will take place Oct. 17 in Worcester, Massachusetts, and Oct. 20 in Kansas City, Missouri. An Oct. 11 webinar will provide tips on addressing and improving cyber readiness. For more information and to register, visit the Travelers Institute Events & Webinars page.
View the survey results here.
About the Survey
Hart Research conducted a national online survey of 1,206 U.S. business insurance decision-makers June 1-13, 2023, regarding their top challenges. Launched in November 2014, the Travelers Risk Index survey was commissioned by Travelers.
SOURCE: Travelers
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.