Cyberthreats remain the top business concern, Travelers reports
Nearly 60% of business leaders think it is inevitable that their organization will be hit by a cyberattack.
For the third time in four years, cyber risks ranked as the overall top cause of stress for business leaders, according to the 2022 Travelers Risk Index, which also found that nearly 60% think it is inevitable that their organization will be hit by a cyberattack.
Other leading concerns on this year’s index were: broad economic uncertainty, volatility in oil and energy costs, the ability to attract and retain talent and medical cost inflation.
When it comes to coverage for these risks, around 75% of respondents said cyber insurance is critical. Despite this posture, penetration of cyber policies increased just 3 points year-on-year, with 59% of respondents reporting their company purchases this coverage. Small businesses accounted for the largest increase of cyber policy purchasers, with 38% reporting buying coverage. This is an 8% increase compared with the year prior.
This year also saw more survey respondents reporting that they were victims of a cyberattack, marking the seventh consecutive year of growth. Slightly more than a quarter of respondents said they had a cyber incident and around half of those events occurred in the past 12 months, Travelers reported. Among companies that have been victims, 71% reported having more than one incident.
“Multiple cyberattacks might not be random — if you were vulnerable before and don’t take appropriate action as a result, you continue to be at risk,” Tim Francis, enterprise cyber lead at Travelers, said in a release. “It’s important to take the prospect of a cyberattack seriously and to put your company in position to successfully manage a likely event.”
Fear & overconfidence in cybersecurity
A big majority (93%) of respondents were confident their company had implemented policies and practices to prevent or mitigate cyberattacks. However, when asked about specific measures taken, most hadn’t taken them.
For example, 64% don’t use endpoint detection and response, 59% haven’t run a cyber assessment on their vendors and 53% don’t have a response plan in place should an incident occur.
Further, 90% of respondents are familiar with multifactor authentication (MFA), but only 52% are using it to secure remote access connections. Research from Arete found that 94% of ransomware victims weren’t using MFA.
“Cyberattacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions,” Francis said. “Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber event.”
Related: