The latest results of the 2018 Travelers Risk Index shows that 52 percent of respondents believe that suffering a cyber attack is inevitable, yet a majority of those surveyed reported not taking adequate steps to protect themselves.
Of more than 1,200 business leaders, representing a range of industries and company sizes, 91 percent reported being confident their companies have implemented best practices to avoid a cyber event. But despite their confidence, the same leaders also indicated that:
- 55 percent have not completed a cyber risk assessment for their businesses;
- 62 percent have not developed a business continuity plan;
- 63 percent have not completed a cyber risk assessment on vendors who have access to their data; and
- 50 percent do not purchase cyber insurance.
"Cyber risks carry serious consequences for any business, threatening everything from revenue to operations," said Tim Francis, Enterprise Cyber Lead at Travelers. "These findings reveal some surprising things about how companies view their cyber exposures, their relative confidence in dealing with them and the clear opportunity that exists for them to be better prepared for a cyber attack."
Other key findings from the 2018 Travelers Risk Index include:
- The percentage of respondents who think the current business environment is more risky continues to decrease. In 2018 it was 36 percent, compared to 41 percent in 2016 and 48 percent in 2014.
- Overall, the concern about cyber risk is second only to medical cost inflation, however, it is the top concern of large businesses and in sectors such as technology, banking and professional services.
- The percentage of businesses that have been the victim of a cyber attack has increased. In 2015, 10 percent of study participants said they had been a cyber victim; that number has doubled in 2018.
- Compared to last year's survey, the three biggest cyber concerns remain the same: security breach, system glitch and unauthorized access to bank accounts.
- Three other cyber-related concerns -- operational software systems being remotely hacked, not having the resources to recover from a cyber event and cyber extortion -- saw a jump of at least 5 percentage points from last year.
Over the past few years, multiple third-party reports have shown that small businesses suffer the majority of cyber attacks, yet these businesses are the most likely to report not having cyber insurance coverage. Although small businesses may be a frequent target, 74 percent of survey respondents from small businesses said they did not purchase cyber insurance.
Three-fourths of businesses surveyed admitted that it is difficult to keep up with the ever-changing cyber landscape, evolving information and new digital developments.
To assist businesses of all sizes, there are a range of coverage options, resources and services available to help businesses prepare and recover quickly if and when a cyber event occurs.