- Chapters
- descriptions off, selected
- default, selected
This is a modal window.
Beginning of dialog window. Escape will cancel and close the window.
End of dialog window.
The Travelers
Risk Index
The 2024 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.
Learn what perils top the list – and what can be done to help mitigate them.
Cyber Risks Are the #1 Business Concern
This year, businesses are facing a number of challenges and over half of survey participants believe the business world is becoming riskier.
Some of these risks involve well-known issues, such as rising medical costs, broad economic uncertainty, and the ability to attract and retain talent.
Significantly, the number of respondents worried about cyber risks is now at the highest level in the 11-year history of the Travelers Risk Index.
Cyber risk
62%
Medical cost inflation
59%
Increasing employee benefits costs
59%
Broad economic uncertainty
59%
Ability to attract and retain talent
54%
Cyber Awareness Is Key to Fighting Back
Top 5 cyber events experienced by businesses
#1
36% had a security breach
#2
27% were victims of extortion/ransomware
#3
27% had info/systems put at risk by employees
#4
26% had a system glitch
#5
25% had employees fooled into transferring funds into fraudulent accounts
Top cyber concerns of business leaders
57%
Unauthorized access to financial accounts
57%
Security breach/hackers
54%
Becoming a cyber extortion/ransomware victim
53%
Employees putting information/systems at risk
53%
System glitch causing computers to go down
52%
Having the resources and know-how to recover from cyber-related events
Cyber Concerns
Latest trends in cyberattacks
Slide 2 of 2
Carousel Slide1 of 2
Criminals target companies with known vulnerabilities such as open ports. Data shows business leaders have good reason for
concern: nearly one-quarter of companies reported being victimized by a cyber event.
Slide 1 of 2
Carousel Slide 2 pf 2
Attackers are becoming more aggressive, harassing businesses with tactics such
as double extortion which combines encryption with data exfiltration.
Criminals may threaten to leak sensitive information if the ransom is not paid.
Cyber Trends
The proof is in the numbers
140%
increase in companies reporting cyberattacks since 2015
61%
of businesses that reported an attack have been victimized
more than once
27%
of the companies that reported falling victim to a cyber event suffered a ransomware event
Cyber Victimization
Top Cyber Concerns by Industry
Banking
Top cyber concerns
#1
Becoming cyber extortion/ransomware victims
#2
Employees putting information/systems at risk
#3
Security
breach/hackers
90% Believe having proper cybersecurity controls in place is critical, yet:
46% Do not have a post-breach team
40% Do not use endpoint detection and response (EDR) tools
28% Do not have an incident response (IR) plan
26% Do not use multifactor authentication (MFA) for remote access
17% Lack cyber insurance
Construction
Top cyber concerns
#1
Unauthorized access to
financial accounts
#2
Failure to operate company
due to cyber events
#3
Security
breach/hackers
80% Believe having proper cybersecurity controls
in place is critical, yet:
70% Do not use endpoint detection and response (EDR) tools
70% Do not have a post-breach team
56% Do not have an incident response (IR) plan
50% Lack cyber insurance
45% Do not use multifactor authentication (MFA) for remote access
Healthcare
Top cyber concerns
#1
Unauthorized access to
financial accounts
#2
Remote workers who may cause cyber events, system glitches or breaches
#3
Security
breach/hackers
82% Believe having proper cybersecurity controls
in place is critical, yet:
60% Do not use endpoint detection and response (EDR) tools
55% Do not have a post-breach team
44% Do not have an incident response (IR) plan
44% Do not use multifactor authentication (MFA) for remote access
30% Lack cyber insurance
Manufacturing
Top cyber concerns
#1
Becoming a cyber extortion/ransomware victim
#2
Having the resources and know-how to recover from cyber-related events
#3
Unauthorized access into operational technology or industrial control systems
86% Believe having proper cybersecurity controls
in place is critical, yet:
56% Do not have a post-breach team
53% Do not use endpoint detection and response (EDR) tools
41% Do not have an incident response (IR) plan
40% Do not use multifactor authentication (MFA) for remote access
26% Lack cyber insurance
Nonprofits
Top cyber concerns
#1
Security
breach/hackers
#2
Unauthorized access
to financial accounts
#3
Becoming a cyber extortion/ransomware victim
74% Believe having proper cybersecurity controls
in place is critical, yet:
72% Do not use endpoint detection and response (EDR) tools
66% Do not have a post-breach team
47% Do not have an incident response (IR) plan
38% Do not use multifactor authentication (MFA) for remote access
34% Lack cyber insurance
Professional Services
Top cyber concerns
#1
Unauthorized access
to financial accounts
#2
Security
breach/hackers
#3
Security breaches/system
glitch at a vendor
83% Believe having proper cybersecurity controls
in place is critical, yet:
65% Do not use endpoint detection and response (EDR) tools
59% Do not have a post-breach team
55% Do not have an incident response (IR) plan
44% Lack cyber insurance
37% Do not use multifactor authentication (MFA) for remote access
Retail
Top cyber concerns
#1
Unauthorized access
to financial accounts
#2
Having the resources and know-how to recover from cyber-related events
#3
Security
breach/hackers
89% Believe having proper cybersecurity controls
in place is critical, yet:
71% Do not have a post-breach team
61% Do not use endpoint detection and response (EDR) tools
54% Do not have an incident response (IR) plan
40% Do not use multifactor authentication (MFA) for remote access
36% Lack cyber insurance
Technology
Top cyber concerns
#1
Remote workers who may cause cyber events, system glitches or breaches
#2
System glitches causing
computers to go down
#3
Security
breach/hackers
84% Believe having proper cybersecurity controls
in place is critical, yet:
54% Do not have a post-breach team
52% Do not use endpoint detection and response (EDR) tools
47% Do not have an incident response (IR) plan
47% Do not use multifactor authentication (MFA) for remote access
29% Lack cyber insurance
Cyber Preparedness Can Help Reduce the Risk of Attacks
Effective measures businesses can take
Based on survey results, not enough companies are taking action to reduce the risk of becoming a cyber victim.
In fact, many seem overconfident in their abilities to navigate the evolving cyber risk landscape. This false sense of security may increase their risk.
Cyber Preparedness
Cover the basics in terms of cyber protection
More than 20% of businesses are not even implementing basic best practices, such as:
- Putting up firewalls
- Changing passwords regularly
- Patching known exploited vulnerabilities
The Basics
See how companies are fighting back after a breach
- 63% are backing up data
- 61% are keeping systems up to date
- 59% are using multifactor authentication (MFA)
- 49% are using an incident response (IR) plan
- 47% are using endpoint detection and response (EDR) tools
93% of businesses are
familiar with MFA
yet only 63% of survey participants use MFA to ensure
that only authorized users can remotely access their network.
Fighting Back
Know what puts small businesses at high risk
- 81% do not use endpoint detection and response
(EDR) tools
- 81% do not have a post-breach team
- 69% do not have an incident response (IR) plan
- 52% do not use multifactor authentication (MFA)
Small Businesses
Travelers CyberRisk Offers:
- Travelers eRiskHub® Powered by NetDiligence®
- Travelers Cyber Threat Alerts
- Cyber Breach Coach
- SentinelOne® Endpoint Detection and Response (EDR)
- HCL Technologies Cyber Resilience Readiness
Assessment and Cyber Security Professional Consultation - HCL Technologies Security Coach Helpline
- HCL Technologies Cyber Security Training Videos
- Travelers Claim Services
Coverage and Services
It’s important that companies know the steps they can take to help avoid a cyberattack.
We’d like to see more businesses taking protective measures and utilizing tactics like multifactor authentication, endpoint detection and response and creating an incident response plan.
- Tim Francis, Travelers Enterprise Cyber Lead
Cyber Insurance Can Help
Your Business Be Prepared
Cyber
Team
Risk
Help
Travelers has long been committed to helping insureds manage and mitigate cyber risks. Our dedicated team of underwriters, claim professionals and risk control specialists are ready to help insure and protect your business assets today.
Almost 80% of those surveyed say having cyber insurance is critical yet only 65% have reported buying cyber insurance.
Companies of all shapes and sizes lack proper cyber coverage
53
53%
%
of small businesses lack cyber insurance
18
18%
%
of midsized businesses lack cyber insurance
17
17%
%
of large businesses lack cyber insurance
Percentage of businesses
without cyber insurance, per industry
Construction
44%
Professional Services
35%
Retail
32%
Nonprofits
25%
Healthcare
25%
Technology
24%
Manufacturing
19%
Banking
15%
17%
Banking
50%
Construction
30%
Healthcare
26%
Manufacturing
34%
Nonprofits
44%
Professional Services
36%
Retail
29%
Technology
Questions about cyber insurance
What is Cyber Liability Insurance?
Cyber liability insurance provides a combination of coverage options and services to help protect businesses against data breaches and other cyber events, as well as recover quickly if a cyberattack does take place.
Why is Cyber Insurance Necessary?
Cyber liability insurance can help cover costs associated with data breaches and cyberattacks. Those costs can include such things as lost income due to a cyber event, notifying customers affected by a breach, recovering compromised data, repairing damaged computer systems and more.
Who needs Cyber Liability Insurance?
Any type of business or organization that uses technology faces cyber risk. As technology becomes more complex and sophisticated, so do the cyber threats. That’s why it’s so critical to be prepared with both cyber liability insurance and an effective cybersecurity plan to help manage and mitigate cyber risk.
Why Travelers for Cyber Liability Insurance
Travelers cyber coverage can be a crucial safeguard against the potentially devastating financial consequences of a cyberattack. Travelers can help you customize insurance solutions to your business’ level of risk with coverage options to address:
- Forensic investigations
- Litigation expenses
- Regulatory defense expenses/fines
- Crisis management expenses
- Business interruption
- Cyber extortion
- Betterment
Learn How to Get Ahead of Cyber Risks
Understanding cybersecurity risks can go a long way toward protecting your business. To learn more about Cyber coverage options and tools visit travelers.com/cyber.