A survey of more than 1,200 business leaders across the country highlights cyber threats as the top concern among large- and medium-sized companies, according to the latest Travelers Risk Index.

For the ninth time in the last 10 years, the percentage of respondents whose company suffered a cyber event was higher than the prior year. This year, 25 percent suffered a data breach or cyber event, compared with 24 percent in 2024. Sixty percent reported being hit multiple times.

The survey also indicated that, compared with last year, a much smaller percentage of respondents believe the current business environment is becoming more risky.

“These findings provide a compelling snapshot of how people and companies view cyber threats and what they’re doing, if anything, to avoid becoming the next victim of a cyber attack,” said John Menefee, vice president and enterprise cyber lead at Travelers. “Being aware of the risks and implementing a cybersecurity program that addresses areas of potential exposure can separate businesses that thrive from those derailed by devastating breaches.”

Though survey respondents from large and medium-sized companies ranked cyber as the top business concern, it ranked third for businesses of all sizes, with 56 percent saying they worry some or a great deal.

The top five cyber events impacting businesses:

1. Security breach (39 percent)
2. System glitch/user error (28 percent)
3. Unsafe practices by employees (27 percent)
4. Extortion/ransomware (24 percent)
5. Unauthorized access (23 percent)

Broad economic uncertainty, which was second behind cyber on the list of business concerns in the survey a year ago, regained the top spot, according to the survey.

The top five overall concerns were:

1. Broad economic uncertainty (58 percent)
2. Medical cost inflation (58 percent)
3. Cyber risks (56 percent)
4. The impact of the global economy on a company (53 percent)
5. Supply chain risks (51 percent)

Security breaches or someone hacking into a computer system were the top cyber-related business concern.

Declining Concerns

When asked about the level of risk their company currently faces, only 40 percent of respondents said they believe the business environment is becoming more risky, down from 51 percent last year.

That applied to cyber threats, as well, with 56 percent saying they worry some or a great deal, down from 62 percent in 2024 and marking the lowest percentage since 2020.

Related article: Is a Safer World Possible?

The percentage of survey participants from large companies who believed a cyber attack against their company was inevitable declined to 62 percent, compared with 70 percent in 2024.

More than 20 percent of survey respondents said their company had not taken simple protective steps, such as:

• Using firewall protection (24 percent).
• Backing up data and infrastructure (24 percent).
• Requiring password changes (29 percent).
• Keeping software up to date (29 percent).

Still, nearly half of the respondents worry that employees will fall victim to social engineering fraud, leading to the transfer of company funds.

While most reported that having cyber insurance in place was crucial, the statistics tell a different story, with 46 percent of small businesses lacking cyber insurance coverage. Just 21 percent of mid-sized and large companies lack cyber insurance.

“Companies need to stay vigilant and not take their eye off the ball, because the key to successful cyber mitigation is staying ahead of it,” said Lauren Winchester, vice president of Cyber Risk Services at Travelers. “The worst thing a business can do is to become complacent. Don’t stop investing, because the bad actors aren’t stopping.”