Cyber Insurance
Cyber Preparedness
Cyber Awareness
Business Concerns
The 2024 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.
Learn what perils top the list – and what can be done to help mitigate them.
The Travelers
Risk Index
Ability to attract and retain talent
54%
Broad economic uncertainty
59%
Increasing employee benefits costs
59%
Medical cost inflation
59%
Cyber risk
62%
This year, businesses are facing a number of challenges and over half of survey participants believe the business world is becoming riskier.
Some of these risks involve well-known issues, such as rising medical costs, broad economic uncertainty, and the ability to attract and retain talent. ��Significantly, the number of respondents worried about cyber risks is now at the highest level in the 11-year history of the Travelers Risk Index.
Cyber Risks Are the #1 Business Concern
36% had a security breach
#1
27% were victums of extortion/ransomware
#2
27% had info/systems put at risk by employees
#3
26% had a system glitch
#4
25% had employees fooled into transferring funds into fraudulent accounts
#5
Top 5 cyber events experienced by businesses
Cyber Awareness Is Key to Fighting Back
Almost 80% of those surveyed say having cyber insurance is critical yet only 65% have reported buying cyber insurance.
Travelers has long been committed to helping insureds manage and mitigate cyber risks. Our dedicated team of underwriters, claim professionals and risk control specialists are ready to help insure and protect your business assets today.
Cyber Insurance Can Help
Your Business Be Prepared
29%
Technology
36%
Retail
44%
Professional Services
34%
Nonprofits
26%
Manufacturing
30%
Healthcare
Construction
17%
Banking
Percentage of businesses
without cyber insurance, per industry
Understanding cybersecurity risks can go a long way toward protecting your business. To learn more about Cyber coverage options and tools visit travelers.com/cyber. �
Learn How to Get Ahead of Cyber Risks
Why Travelers for Cyber Liability Insurance?
Business interruption
Cyber extortion
Betterment
Why Travelers for Cyber Liability Insurance
Travelers cyber coverage can be a crucial safeguard against the potentially devastating financial consequences of a cyberattack. Travelers can help you customize insurance solutions to your business’ level of risk with coverage options to address:
Who needs Cyber Liability Insurance?
Who needs Cyber Liability Insurance?
Any type of business or organization that uses technology faces cyber risk. As technology becomes more complex and sophisticated, so do the cyber threats. That’s why it’s so critical to be prepared with both cyber liability insurance and an effective cybersecurity plan to help manage and mitigate cyber risk.
Why is Cyber Insurance Necessary?
Why is Cyber Insurance Necessary?
Cyber liability insurance can help cover costs associated with data breaches and cyberattacks. Those costs can include such things as lost income due to a cyber event, notifying customers affected by a breach, recovering compromised data, repairing damaged computer systems and more.
What is Cyber Liability Insurance?
What is Cyber Liability Insurance?
Cyber liability insurance provides a combination of coverage options and services to help protect businesses against data breaches and other cyber events, as well as recover quickly if a cyberattack does take place.
Questions about cyber insurance
17%
17
%
of large businesses lack cyber insurance
18%
18
%
of midsized businesses lack cyber insurance
53%
53
%
of small businesses lack cyber insurance
Companies of all shapes and sizes lack proper cyber coverage
50%
Forensic investigations
Litigation expenses
Regulatory defense expenses/fines
Crisis management expenses
Construction
44%
Professional Services
35%
Retail
32%
Nonprofits
25%
Healthcare
25%
Technology
24%
Manufacturing
19%
Banking
15%
Top Cyber Concerns by Industry
Technology
Remote workers who may cause cyber events, system glitches or breaches
System glitches causing
computers to go down
Security breach/hackers
Top cyber concerns
54% Do not have a post-breach team�52% Do not use endpoint detection and response (EDR) tools�47% Do not have an incident response (IR) plan
47% Do not use multifactor authentication (MFA) for remote access
29% Lack cyber insurance
84% Believe having proper cybersecurity controls in place is critical yet:
Technology
Retail
Unauthorized access
to financial accounts
Having the resources and know-how to recover from cyber-related events
Security breach/hackers
Top cyber concerns
71% Do not have a post-breach team�61% Do not use endpoint detection and response (EDR) tools�54% Do not have an incident response (IR) plan
40% Do not use multifactor authentication (MFA) for remote access
36% Lack cyber insurance
89% Believe having proper cybersecurity controls in place is critical ,yet:
Retail
Professional Services
#1
Unauthorized access
to financial accounts
#2
Security breach/hackers
#3
Security breaches/system
glitch at a vendor
Top cyber concerns
65% Do not use endpoint detection and response (EDR) tools�59% Do not have a post-breach team�55% Do not have an incident response (IR) plan
44% Lack cyber insurance
37% Do not use multifactor authentication (MFA) for remote access
83% Believe having proper cybersecurity controls in place is critical, yet:
Professional Services
Nonprofits
#1
Security breach/hackers
#2
Unauthorized access
to financial accounts
#3
Becoming a cyber extortion/ransomware victim
Top cyber concerns
72% Do not use endpoint detection and response (EDR) tools�66% Do not have a post-breach team�47% Do not have an incident response (IR) plan
38% Do not use multifactor authentication (MFA) for remote access
34% Lack cyber insurance
74% Believe having proper cybersecurity controls
in place is critical, yet:
Nonprofits
Manufacturing
#1
Becoming a cyber extortion/ransomware victim
#2
Having the resources and know-how to recover from cyber-related events
#3
Unauthorized access into operational technology or industrial control systems
Top cyber concerns
56% Do not have a post-breach team�53% Do not use endpoint detection and response (EDR) tools�41% Do not have an incident response (IR) plan
40% Do not use multifactor authentication (MFA) for remote access
26% Lack cyber insurance
86% Believe having proper cybersecurity controls in place is critical, yet:
Manufacturing
Healthcare
#1
Unauthorized access to
financial accounts
#2
Remote workers who may cause cyber events, system glitches or breaches
#3
Security breach/hackers
Top cyber concerns
60% Do not use endpoint detection and response (EDR) tools�55% Do not have a post-breach team�44% Do not have an incident response (IR) plan
44% Do not use multifact or authentication (MFA) for remote access
30% Lack cyber insurance
82% Believe having proper cybersecurity controls in place is critical, yet:
Healthcare
Construction
#1
Unauthorized access to
financial accounts
#2
Failure to operate company
due to cyber events
#3
Security breach/hackers
Top cyber concerns
70% Do not use endpoint detection and response (EDR) tools�70% Do not have a post-breach team�56% Do not have an incident response (IR) plan
50% Lack cyber insurance
45% Do not use multifactor authentication (MFA) for remote access
80% Believe having proper cybersecurity controls in place is critical, yet:
Construction
Banking
#1
Becoming cyber extortion/ransomware victims
#2
Employees putting information/systems at risk
#3
Security breach/hackers
Top cyber concerns
46% Do not have a post-breach team�40% Do not use endpoint detection and response (EDR) tools�28% Do not have an incident response (IR) plan
26% Do not use multifactor authentication (MFA) for remote access
17% Lack cyber insurance
90% Believe having proper cybersecurity controls in place is critical, yet:
Banking
Team
Cyber
Risk
Help
27%
of the companies that reported falling victim to a cyber event suffered a ransomware event
140%
increase in companies reporting cyberattacks since 2015
61%
of businesses that reported an attack have been victimized �more than once
The proof is in the numbers
Latest trends in cyberattacks
Attackers are becoming more aggressive, harassing businesses with tactics such �as double extortion which combines encryption with data exfiltration. �Criminals may threaten to leak sensitive information if the ransom is not paid.
Carousel Slide 2 pf 2
Criminals target companies with known vulnerabilities such as open ports. Data shows business leaders have good reason for �concern: nearly one-quarter of companies reported being victimized by a cyber event.
Carousel Slide1 of 2
Top cyber concerns of business leaders
Unauthorized access to financial accounts
57%
Security breach/hackers
57%
Becoming a cyber extortion/ransomware victim
54%
Employees putting information/systems at risk
53%
System glitch causing computers to go down
53%
Having the resources and know-how to recover from cyber-related events
52%
Cyber Concerns
Cyber Trends
Cyber Victimization
Top Cyber Concerns by Industry
Technology
#1
Remote workers who may cause cyber events, system glitches or breaches
#2
System glitches causing
computers to go down
#3
Security
breach/hackers
Top cyber concerns
54% Do not have a post-breach team�52% Do not use endpoint detection and response (EDR) tools�47% Do not have an incident response (IR) plan
47% Do not use multifactor authentication (MFA) for remote access
29% Lack cyber insurance
84% Believe having proper cybersecurity controls
in place is critical, yet:
Technology
Retail
#1
Unauthorized access
to financial accounts
#2
Having the resources and know-how to recover from cyber-related events
#3
Top cyber concerns
71% Do not have a post-breach team�61% Do not use endpoint detection and response (EDR) tools�54% Do not have an incident response (IR) plan
40% Do not use multifactor authentication (MFA) for remote access
36% Lack cyber insurance
89% Believe having proper cybersecurity controls
in place is critical, yet:
Retail
Professional Services
#1
Unauthorized access
to financial accounts
#2
Security
breach/hackers
#3
Security breaches/system
glitch at a vendor
Top cyber concerns
65% Do not use endpoint detection and response (EDR) tools�59% Do not have a post-breach team�55% Do not have an incident response (IR) plan
44% Lack cyber insurance
37% Do not use multifactor authentication (MFA) for remote access
83% Believe having proper cybersecurity controls
in place is critical, yet:
Professional Services
Nonprofits
#1
Security
breach/hackers
#2
Unauthorized access
to financial accounts
#3
Becoming a cyber extortion/ransomware victim
Top cyber concerns
72% Do not use endpoint detection and response (EDR) tools�66% Do not have a post-breach team�47% Do not have an incident response (IR) plan
38% Do not use multifactor authentication (MFA) for remote access
34% Lack cyber insurance
74% Believe having proper cybersecurity controls
in place is critical, yet:
Nonprofits
Manufacturing
#1
Becoming a cyber extortion/ransomware victim
#2
Having the resources and know-how to recover from cyber-related events
#3
Unauthorized access into operational technology or industrial control systems
Top cyber concerns
56% Do not have a post-breach team�53% Do not use endpoint detection and response (EDR) tools�41% Do not have an incident response (IR) plan
40% Do not use multifactor authentication (MFA) for remote access
26% Lack cyber insurance
86% Believe having proper cybersecurity controls
in place is critical, yet:
Manufacturing
Healthcare
#1
Unauthorized access to
financial accounts
#2
Remote workers who may cause cyber events, system glitches or breaches
#3
Top cyber concerns
60% Do not use endpoint detection and response (EDR) tools�55% Do not have a post-breach team�44% Do not have an incident response (IR) plan
44% Do not use multifactor authentication (MFA) for remote access�30% Lack cyber insurance
82% Believe having proper cybersecurity controls
in place is critical, yet:
Healthcare
Construction
#1
Unauthorized access to
financial accounts
#2
Failure to operate company
due to cyber events
#3
Top cyber concerns
70% Do not use endpoint detection and response (EDR) tools�70% Do not have a post-breach team�56% Do not have an incident response (IR) plan
50% Lack cyber insurance
45% Do not use multifactor authentication (MFA) for remote access
80% Believe having proper cybersecurity controls
in place is critical, yet:
Construction
Banking
#1
Becoming cyber extortion/ransomware victims
#2
Employees putting information/systems at risk
#3
Security
breach/hackers
Top cyber concerns
46% Do not have a post-breach team�40% Do not use endpoint detection and response (EDR) tools�28% Do not have an incident response (IR) plan
26% Do not use multifactor authentication (MFA) for remote access
17% Lack cyber insurance
90% Believe having proper cybersecurity controls in place is critical, yet:
Banking
36% had a security breach
#1
27% were victims of extortion/ransomware
#2
27% had info/systems put at risk by employees
#3
26% had a system glitch
#4
25% had employees fooled into transferring funds into fraudulent accounts
#5
Top 5 cyber events experienced by businesses
Cyber Awareness Is Key to Fighting Back
Security
breach/hackers
Security
breach/hackers
Security
breach/hackers
- Tim Francis, Travelers Enterprise Cyber Lead
It’s important that companies know the steps they can take to help avoid a cyberattack. �We’d like to see more businesses taking protective measures and utilizing tactics like multifactor authentication, endpoint detection and response and creating an incident response plan.
Cyber Preparedness
The Basics
Fighting Back
Small Businesses
Coverage and Services
Travelers eRiskHub® Powered by NetDiligence®
Travelers Cyber Threat Alerts
Cyber Breach Coach
SentinelOne® Endpoint Detection and Response (EDR)
HCL Technologies Cyber Resilience Readiness �Assessment and Cyber Security Professional Consultation
HCL Technologies Security Coach Helpline
HCL Technologies Cyber Security Training Videos
Travelers Claim Services
Travelers CyberRisk Offers:
81% do not use endpoint detection and response �(EDR) tools
81% do not have a post-breach team
69% do not have an incident response (IR) plan
52% do not use multifactor authentication (MFA)
Know what puts small businesses at high risk
More than 20% of businesses are not even implementing basic best practices, such as:
Putting up firewalls
Changing passwords regularly
Patching known exploited vulnerabilities
Cover the basics in terms of cyber protection
Based on survey results, not enough companies are taking action to reduce the risk of becoming a cyber victim. �In fact, many seem overconfident in their abilities to navigate the evolving cyber risk landscape. This false sense of security may increase their risk.
Cyber Preparedness Can Help Reduce the Risk of Attacks
Effective measures businesses can take
63% are backing up data
61% are keeping systems up to date
59% are using multifactor authentication (MFA)
49% are using an incident response (IR) plan
47% are using endpoint detection and response (EDR) tools
See how companies are fighting back after a breach
See how MFA works
93% of businesses are �familiar with MFA �yet only 63% of survey participants use MFA to ensure �that only authorized users can remotely access their network.
Transcript
READ TRANSCRIPT
Ability to attract and retain talent
54%
Broad economic uncertainty
59%
Increasing employee benefits costs
59%
Medical cost inflation
59%
Cyber risks
62%
Jump to a section
This year, businesses are facing a number of challenges and over half of survey participants believe the business world is becoming riskier. �� Some of these risks involve well-known issues, such as rising medical costs, broad economic uncertainty, and the ability to attract and retain talent.
Significantly, the number of respondents worried about cyber risks is now at the highest level in the
11-year history of the Travelers Risk Index.
Cyber Concerns
Cyber Trends
Cyber Victimization
237%
increase in ransomware events in small businesses
27%
of the companies that reported falling victim to a cyber event suffered a ransomware event
130%
increase in companies reporting cyberattacks since 2015
60%
of businesses that reported an attack were victimized �more than once
The proof is in the numbers
Latest trends in cyberattacks
Attackers are becoming more aggressive, harassing businesses with tactics such as double extortion which combines encryption with data exfiltration. Criminals may threaten to leak sensitive information if the ransom is not paid.
Criminals target companies with known vulnerabilities such as open ports. Data shows business leaders have good reason for �concern: nearly 25% of companies reported �being victimized by a cyber event.
Top cyber concerns of business leaders
Unauthorized access to financial accounts
57%
Security breach/hackers
57%
Becoming a cyber extortion/ransomware victim
54%
Employees putting information/systems at risk
53%
System glitch causing computers to go down
53%
Having the resources and know-how to recover from cyber-related events
52%
- Tim Francis, Travelers Enterprise Cyber Lead
It’s important that companies know the steps they can take to help avoid a cyberattack. We’d like to see more businesses taking protective measures and utilizing tactics like multifactor authentication, endpoint detection and response and creating an incident response plan.
Cyber Preparedness
The Basics
Fighting Back
Small Businesses
Coverage and Services
Travelers CyberRisk Offers:
Travelers eRiskHub® Powered by NetDiligence®
Travelers Cyber Threat Alerts
Cyber Breach Coach
SentinelOne® Endpoint Detection and Response (EDR)
HCL Technologies Cyber Resilience Readiness �Assessment and Cyber Security Professional Consultation
HCL Technologies Security Coach Helpline
HCL Technologies Cyber Security Training Videos
Travelers Claim Services
81% do not use endpoint detection and response (EDR) tools
81% do not have a post-breach team
69% do not have an incident response (IR) plan
52% do not use multifactor authentication (MFA)
Know what puts small businesses at high risk
63% are backing up data
61% are keeping systems up to date
59% are implementing multifactor authentication (MFA)
49% are implementing an incident response (IR) plan
47% are using endpoint detection and response (EDR) tools
See how companies are fighting back after a breach
93% of businesses are familiar with MFA yet only 63% of survey participants use MFA to ensure that only authorized users can remotely access their network.
See how MFA works
More than 20% of businesses are not even implementing basic best practices, such as:
Putting up firewalls
Changing passwords regularly
Patching known exploited vulnerabilities
Cover the basics in terms of cyber protection
Based on survey results, not enough companies are taking action to reduce the risk of becoming a cyber victim. �In fact, many seem overconfident in their abilities to navigate the evolving cyber risk landscape. This false sense of security may increase their risk.
Effective measures businesses can take
Cyber Preparedness Can Help Reduce the Risk of Attacks
#1
#2
#3
#1
#2
#3
READ TRANSCRIPT
