For the ninth straight year, cyber threats were one of the top three business concerns among the 1,200 participants from small-, medium- and large-sized companies surveyed by Travelers Companies, Inc.

Of those taking the 2023 Travelers Risk Index survey, 58 percent said they worry some or a great deal about cyber, ranking it just behind medical cost inflation (60 percent) and broad economic uncertainty (59 percent).

“Cyber risks have extremely serious consequences – one attack can weaken an organization or potentially put it out of business,” said Tim Francis, enterprise cyber lead at Travelers. “Fortunately, there are effective measures that companies can take to address vulnerabilities and successfully manage through a cyber event.”

Though respondents expressed confidence that their company had implemented best cyber practices, at least 25 percent of businesses reportedly had not installed firewall or virus protection or implemented data backup and password updates.

A much larger percentage say they don’t use endpoint detection and response (64 percent), conduct cyber assessments for vendors (57 percent) or customers’ assets (56 percent), have an incident response plan (50 percent), or utilize multi-factor authentication for remote access (44 percent).

Close to a quarter of survey participants (23 percent) reported their company had suffered a cyberattack, with almost half (49 percent) occurring in the last 12 months.

The percentage of survey respondents from large companies who said they’ve experienced a phishing scam nearly doubled in the past year, from 14 percent to 27 percent.

Security breaches – when someone gains unauthorized access to a company’s computer system – remains the most common event among companies of all sizes, accounting for nearly one-third (32 percent) of attacks.

According to the survey, ransomware ranked ninth among cyber-specific business worries, despite it being a leading cause of cyber-related claims in the industry.

Medium-sized businesses reported an increase in cyber policy procurement with 74 percent of respondents reporting they have a cyber policy, up from 67 percent in 2022.

Large companies came in at 72 percent, the same percentage as a year ago, while small businesses (34 percent) are still the least likely to secure cyber insurance coverage.

The percentage of all companies that have cyber insurance policies has increased dramatically over the past five years, with 60 percent reporting their company has cyber insurance. Five years ago, it was just 39 percent.

Awareness of cyber-specific risks continues to increase. Of those surveyed, 81 percent feel that having proper cybersecurity controls in place is critical to the well-being of their company, up from 78 percent last year and 69 percent in 2018.

“While the business community has come a long way in preparing for and responding to a cyberattack, the survey results show that more can still be done,” Francis added. “A well-designed, multi-layered cybersecurity program can help mitigate the threat of a cyber event, and we encourage organizations to work closely with their independent insurance agent as we all navigate an evolving cyber landscape.”

In recognition of national Cybersecurity Awareness Month, the Travelers Institute, Travelers’ public policy division, will host three educational programs for the business community and broader public in October to help increase cyber preparedness.

In-person programs that are part of the Travelers Institute’s Cyber: Prepare, Prevent, Mitigate, Restore symposium series will take place Oct. 17 in Worcester, Massachusetts, and Oct. 20 in Kansas City, Missouri. An Oct. 11 webinar will provide tips on addressing and improving cyber readiness. For more information and to register, visit the Travelers Institute Events & Webinars page.

Hart Research conducted a national online survey of 1,206 U.S. business insurance decision makers June 1-13, 2023, regarding their top challenges.