November 29, 2022
by Jim Masters • Sep 26, 2022 For the third time in four years, cyber threats were the top overall concern for business decision makers, according to a survey from Travelers Companies Inc. and conducted by Hart Research Associates. Travelers, a provider of home, auto and business insurance products, surveyed 1,200 individuals for its 2022…

by Jim Masters • Sep 26, 2022

For the third time in four years, cyber threats were the top overall concern for business decision makers, according to a survey from Travelers Companies Inc. and conducted by Hart Research Associates.

Travelers, a provider of home, auto and business insurance products, surveyed 1,200 individuals for its 2022 Travelers Risk Index. Of those surveyed, 57% of whom said that today’s business environment is riskier compared to a year ago and believe a future cyberattack on their company or organization is inevitable.

While cyber threats (59%) again were the leading concern, Travelers reports other major fears of businesses in 2022 include:

  • Broad economic uncertainty (57%)
  • Fluctuations in oil and energy costs (56%),
  • The ability to attract and retain talent (56%)
  • Medical cost inflation (55%)

Travelers notes big jumps this year around concerns in oil and energy costs (a 16-point increase, up from 40%,) and supply chain risks (54%, up from 43%).

A Deeper Dive Into The Survey

Overconfidence in navigating the evolving cyber landscape is causing a false sense of security, Travelers asserts. In fact, 93% of respondents said that they were confident their company had implemented best practices to prevent or mitigate a cyber event.

When asked whether their company had taken specific prevention measures, the majority had not. Travelers reports that 64% of respondents said they do not use endpoint detection and response (EDR) measures. Also, 59% have not conducted a cyber assessment for vendors, and 53% don’t have an incident response plan.

Additionally, multifactor authentication (MFA) has been slow to catch on, as 90% of respondents said they were familiar with MFA but only 52% said their company had implemented the practice for remote access.

Tim Francis, Enterprise Cyber lead at Travelers, added context to the survey results:

“Cyberattacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions. Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber event.”

Security Breach, Hacking Cause Most Concern

Other cybersecurity related findings include:

  • Suffering a security breach or someone hacking into a business computer system remain top concerns, as 57% said they worry about it “some or a great deal.” Meanwhile, 55% said a system glitch causing the company’s computers to go down was a top concern. Also, becoming a cyber extortion/ransomware victim moved from eighth position to third this year at 54%.
  • For the seventh consecutive year, there was an increase in the percentage of survey participants who said their company had suffered a data breach or cyber event. This year, 26% said their company had been a cyber victim, with 49% reporting that the event had happened within the past 12 months.
  • Of those who said their company had suffered a data breach or cyber event, 71% have been a victim more than once.
  • Nearly 75% of respondents said they believe having a cyber insurance policy is critical. However, only 59% said their company had a policy, up only 3 points from 2021. Small businesses accounted for the largest increase of cyber policy purchasers, up from 30%, to 38% this year.

Francis offered warning against not being prepared for a cyber incident:

“Multiple cyberattacks might not be random. If you were vulnerable before and don’t take appropriate action as a result, you continue to be at risk. It’s important to take the prospect of a cyberattack seriously and to put your company in position to successfully manage a likely event.”

Source