Cyber risks are the top concern among businesses of all sizes.

Of the 1,200 business leaders who participated in an insurer-sponsored survey, 55 percent said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54 percent), employee benefit costs (53 percent), the ability to attract and retain talent (46 percent) and legal liability (44 percent).

The Travelers Companies, which has been commissioning the Travelers Risk Index since 2014, said this is the first time in its survey’s history that cyber has been the top concern among businesses of all sizes.

As concerns about cyber threats have grown, a higher percentage of businesses reported taking proactive measures to safeguard against cyber risks; however, a sizable number have not implemented such preventive best practices. The steps taken by respondents include:

  • Purchasing a cyber insurance policy (51 percent of survey participants, up from 39 percent last year).
  • Creating a business continuity plan in the event of a cyber attack (47 percent, up from 38 percent).
  • Taking a cyber risk assessment for themselves (49 percent, up from 45 percent) and their vendors (41 percent, up from 37 percent).
  • Updating computer passwords (74 percent, up from 71 percent).

Tim Francis, enterprise cyber lead at Travelers, said that while more businesses are taking steps to prevent a cyber event, “it’s still alarming that nearly half don’t have the proper insurance coverage.”

Given that a single cyber attack can put a company out of business, Francis said that “taking the threat seriously and implementing a risk management program that addresses possible exposures can help a company not only avoid an attack but also recover from one as quickly as possible.”

Since 2015, the percentage of small business respondents that have suffered a cyber attack has tripled from 4 percent to 12 percent this year. Increases are also being reported among medium-sized companies (10 percent in 2015 to 20 percent this year) and large businesses (from 19 percent to 33 percent).

“More companies are experiencing cyber attacks,” Francis said. “The cost of a single breach to a small business can easily reach a substantial amount of money on top of the time it takes to restore the business, so protecting a company’s assets with a cyber insurance policy is critical.”

Other Surveys

The Travelers results are aligned with those of other surveys. According to a recent global report published by Marsh and Microsoft Corp., while nearly 80 percent of organizations now rank cyber risk as a top-five concern, compared to 62 percent in 2017, a majority of board members and senior executives responsible for their organization’s cyber risk management spend less than a day a year focusing on cyber risk issues.

Also, a Chubb survey found that while about 70 percent of individuals say their company has “excellent” or “good” cybersecurity practices in place, many companies continue to fail to implement the most basic safeguards. From 2018 to 2019, there was virtually no change in the percentage of companies that hold annual employee trainings (31 percent and 33 percent), deploy filters for online content (38 percent and 40 percent) and leverage social media blocks (32 percent and 33 percent).

Just 10 percent of the more than 1,220 people in Chubb’s survey said they have a cyber insurance policy.

Other Travelers’ Findings

Hart Research conducted the national online survey of 1,200 business decision-makers for Travelers from July 8-19, 2019. Other findings from the 2019 Travelers Risk Index include:

  • Suffering a security breach and a third party gaining unauthorized access to bank accounts were tied as the biggest cyber-specific worry among businesses. The third-highest cyber-specific concern was an extortion or a ransomware attack, which increased to 52 percent from 44 percent in 2018. Lastly, 43 percent of respondents said social engineering scams were a concern, up from 36 percent last year.
  • While there is greater awareness of cyber risks generally, one in four survey participants didn’t believe their business would suffer a cyber attack and thus opted not to purchase a cyber insurance policy. The top reason for not purchasing a cyber insurance policy, cited by 31 percent of respondents, was the expense.
  • Three-fourths of survey participants agreed that having the proper cyber prevention tools in place is critical to the well-being of the business, an increase from 69 percent in 2018.
  • Nearly 80 percent of respondents admitted that it is difficult to keep up with the ever-changing cyber landscape.
  • The percentage that said today’s business environment was more risky remained at 36 percent.

*This story ran previously in our sister publication Insurance Journal.