The 2025 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.
Learn what perils top the list – and what can be done to help mitigate them.
80% of those surveyed say having cyber insurance is critical, yet only 63% have reported buying cyber insurance.
Travelers has long been committed to managing and mitigating cyber risk. Our dedicated team of underwriters, Claim professionals and Cyber Risk Services specialists are ready to help insure and protect business assets today.
Cyber Insurance Can Help Businesses Be Prepared
Learn How to Get Ahead of Cyber Risks
Why Travelers for cyber liability insurance?
Business interruption
Cyber extortion
Betterment
Why Travelers for cyber liability insurance?
Travelers cyber coverage can be a crucial safeguard against the potentially devastating financial consequences of a cyberattack. Travelers can help businesses customize insurance solutions to their level of risk with coverage options to address:
Who needs cyber liability insurance?
Who needs cyber liability insurance?
Any type of business or organization that uses technology faces cyber risk. As technology becomes more complex and sophisticated, so do the cyber threats. That’s why it’s so critical to be prepared with both cyber liability insurance and an effective cybersecurity plan to help manage and mitigate cyber risk.
Why is cyber insurance necessary?
Why is cyber insurance necessary?
Cyber insurance can help cover costs associated with data breaches and cyberattacks. Those costs can include such things as lost income due to a cyber event, notifying customers affected by a breach, recovering compromised data, repairing damaged computer systems and more.
What is cyber liability insurance?
What is cyber liability insurance?
Cyber liability insurance provides a combination of coverage options and services to help businesses protect against data breaches and other cyber events and recover quickly if a cyberattack does take place.
Questions about cyber insurance
21%
21
%
of large businesses lack cyber insurance
21%
21
%
of midsized businesses lack cyber insurance
46%
46
%
of small businesses lack cyber insurance
Companies of all shapes and sizes lack proper cyber coverage
Forensic investigations
Litigation expenses
Regulatory defense expenses/fines
Crisis management expenses
Team
Cyber
Risk
Help
39%
150%
increase in companies reporting cyberattacks in the last 10 years
60%
of businesses that reported an attack were victimized �more than once
The proof is in the numbers
Trends in Social Engineering Fraud (SEF)
Almost half of all respondents worry about someone fooling employees into transferring company funds to a fraudulent account using SEF techniques.
From fake emails and urgent texts from the CFO, to fake ransomware letters with QR codes, to someone pretending to be IT support in a chat window, social engineering fraud starts with human trust but can lead to a major loss.
Top cyber concerns of business leaders
Security breach/hackers
56%
Unauthorized access to financial accounts
55%
Compromise/theft �of client records
53%
Security breaches/system glitch at a vendor
53%
Becoming a cyber extortion/ransomware victim
53%
Employees putting information/system at risk
51%
Cyber Concerns
Cyber Trends
Cyber Victimization
Top Cyber Concerns by Industry
Technology
#1
Global/political instability �leading to a cyber event
#2
Unauthorized access to financial accounts
#3
Security
breach/hackers
Top cyber concerns
42% do not use endpoint detection and response (EDR) tools�37% do not have a post-breach team�35% do not have an incident response (IR) plan
28% do not use multifactor authentication (MFA) for remote access
92% believe having proper cybersecurity controls
in place is critical, yet:
Technology
Retail
#1
Unauthorized access
to financial accounts
#2
Compromise/theft �of client records
#3
Top cyber concerns
65% do not use endpoint detection and response (EDR) tools�62% do not have a post-breach team�48% do not have an incident response (IR) plan
40% do not use multifactor authentication (MFA) for remote access
75% believe having proper cybersecurity controls
in place is critical, yet:
Retail
Professional Services
#1
Security breach/hackers
#2
Having the resources and know-how to recover from cyber-related events
#3
Unauthorized access to financial accounts
Top cyber concerns
62% do not have a post-breach team�54% do not use endpoint detection and response (EDR) tools�51% do not have an incident response (IR) plan
38% do not use multifactor authentication (MFA) for remote access
75% believe having proper cybersecurity controls
in place is critical, yet:
Professional Services
Nonprofits
#1
Security
breach/hackers
#2
Employees putting information or systems at risk
#3
Unauthorized access to financial accounts
Top cyber concerns
60% do not have a post-breach team�57% do not use endpoint detection and response (EDR) tools�53% do not have an incident response (IR) plan
29% do not use multifactor authentication (MFA) for remote access
73% believe having proper cybersecurity controls
in place is critical, yet:
Nonprofits
Manufacturing
#1
Unauthorized access to financial accounts
#2
Compromise/theft �of client records
#3
Remote workers who may cause cyber events, system glitches or breaches
Top cyber concerns
57% do not have a post-breach team�50% do not use endpoint detection and response (EDR) tools�45% do not have an incident response (IR) plan
25% do not use multifactor authentication (MFA) for remote access
83% believe having proper cybersecurity controls
in place is critical, yet:
Manufacturing
Healthcare
#1
Security breach/hackers
#2
Compromise/theft �of client records
#3
Top cyber concerns
62% do not have a post-breach team�51% do not use endpoint detection and response (EDR) tools�46% do not have an incident response (IR) plan
37% do not use multifactor authentication (MFA) for remote access
83% believe having proper cybersecurity controls
in place is critical, yet:
Healthcare
Construction
#1
Unauthorized access to financial accounts
#2
Security breaches/system glitch at a vendor
#3
Top cyber concerns
65% do not use endpoint detection and response (EDR) tools�61% do not have a post-breach team�45% do not have an incident response (IR) plan
36% do not use multifactor authentication (MFA) for remote access
76% believe having proper cybersecurity controls
in place is critical, yet:
Construction
Banking
#1
Unauthorized access to financial accounts
#2
Remote workers who may cause cyber events, system glitches or breaches
#3
Security
breach/hackers
Top cyber concerns
45% do not have a post-breach team�44% do not use endpoint detection and response (EDR) tools�35% do not have an incident response (IR) plan
34% do not use multifactor authentication (MFA) for remote access
87% believe having proper cybersecurity controls in place is critical, yet:
Banking
39% had a security breach – someone gaining unauthorized access
#1
28% had a system glitch or user error
#2
27% had info/systems put at risk by employees using unsafe practices
#3
24% were targets of extortion/ransomware
#4
23% were victims of unauthorized access into operational or industrial control systems
#5
Top 5 cyber events experienced by businesses
Cyber Awareness Is Key to Fighting Back
Understanding privacy laws and federal cybersecurity regulations
Having the resources and know-how to recover from cyber-related events
Security breaches/system glitch at a vendor
- Tim Francis, Travelers Enterprise Cyber Lead
It’s important that companies know the steps they can take to help avoid a cyberattack. �We’d like to see more businesses taking protective measures and utilizing tactics like multifactor authentication, endpoint detection and response and creating an incident response plan.
Cyber Preparedness
The Basics
Fighting Back
Preventive Tactics
Coverage and Services
86% of business leaders are confident in the proactive cybersecurity guidance from their insurance carriers
Businesses need to take preparation seriously
More than 20% of businesses are not implementing basic best practices, such as:
Putting up firewalls
Changing passwords regularly
Patching known exploited vulnerabilities
Cover the basics in terms of cyber protection
Based on survey results, not enough companies are taking action to reduce the risk of becoming a cyber victim.
Cyber Preparedness Can Help Reduce the Risk of Attacks
Effective measures businesses can take
63% are keeping systems up to date
58% are backing up data
50% are filtering and scanning email
48% are implementing multifactor authentication (MFA)
47% are migrating to cloud
See how companies are fighting back after a breach
See how MFA works
94% of businesses are familiar with MFA yet only 60% of survey participants use MFA to ensure that administrative users are validated prior to being granted access in the network.
READ TRANSCRIPT
of companies that reported falling victim to a cyber event had �a security breach
See how these attacks work
Travelers cyber coverage with Travelers Cyber Risk Services, available at no additional cost for cyber policyholders, is shown �to reduce the risk of a breach by almost 20%* with:
Always-on threat monitoring and tailored alerts
Expert guidance from our in-house Cyber Risk Services team
24/7 Cyber Risk Dashboard
*The frequency and severity of cyber insurance claims were found to be lower across all policyholder organizations that met a minimum threshold for engaging with the service offerings described above by registering their account on the Cyber Risk Dashboard.
Results show that over half of all businesses surveyed do not:
Simulate cyberattacks to identify areas �of system vulnerability
Have a post-incident response team as �part of an incident response plan
Use endpoint detection and response (EDR) tools
Transcript
READ TRANSCRIPT
Cyber Insurance
Cyber Preparedness
Cyber Awareness
Business Concerns
The Travelers
Risk Index
Watch Video
While businesses can’t plan for �a cyberattack, Travelers Cyber �Risk Services offers threat monitoring, tools and services �to help businesses plan to prevent one. Our short video explains.
24/7 access to the Cyber Risk Dashboard: Get access �to resources and custom security recommendations.
Always-on threat monitoring and alerts: Help stop attacks before they escalate with tailored same-day threat alerts.
Expert guidance: Receive personalized, step-by-step recommendations from our in-house Cyber Risk Services team.
of business leaders are confident in the proactive cybersecurity guidance from insurance carriers – a higher rate than their confidence in third-party vendors or service providers.
86%
These services include what businesses are looking for:
60%
Cyber victims being hit multiple times
25%
Businesses reporting breaches
This year, cyber threats are the No. 1 business concern for medium and large companies.
For the ninth time in 10 years, cyber victimization has increased. More businesses are falling victim to cyber events, with 25% now reporting breaches and 60% �of victims being hit multiple times.
But despite the ongoing threats, basic cybersecurity �gaps persist.
Cyber Risks Remain a Top Business Concern
Businesses Express Worry �About Cyber Threats
%
of medium-sized �businesses
of large �businesses
1
%
1
Understanding cybersecurity risks can go a long way toward protecting businesses. To learn more about Cyber coverage �options and tools, visit travelers.com/cyber.�
Understanding cybersecurity risks can go a long way toward protecting your business. To learn more about Cyber coverage options and tools visit travelers.com/cyber.
Learn How to Get Ahead of Cyber Risks
Why Travelers for Cyber Liability Insurance?
Business interruption
Cyber extortion
Betterment
Forensic investigations
Litigation expenses
Regulatory defense expenses/fines
Crisis management expenses
Why Travelers for Cyber Liability Insurance
Travelers cyber coverage can be a crucial safeguard against the potentially devastating financial consequences of a cyberattack. Travelers can help you customize insurance solutions to your business’s level of risk with coverage options to address:
Who needs Cyber Liability Insurance?
Who needs Cyber Liability Insurance?
Any type of business or organization that uses technology faces cyber risk. As technology becomes more complex and sophisticated, so do the cyber threats. That’s why it’s so critical to be prepared with both cyber liability insurance and an effective cybersecurity plan to help manage and mitigate cyber risk.
Why is Cyber Insurance Necessary?
Why is Cyber Insurance Necessary?
Cyber insurance can help cover costs associated with data breaches and cyberattacks. Those costs can include such things as lost income due to a cyber event, notifying customers affected by a breach, recovering compromised data, repairing damaged computer systems and more.
What is Cyber Liability Insurance?
What is Cyber Liability Insurance?
Cyber liability insurance provides a combination of coverage options and services to help protect businesses against data breaches and other cyber events, as well as recover quickly if a cyberattack does take place.
Questions about cyber insurance
READ TRANSCRIPT
Watch Video
While you can’t plan for a cyberattack, Travelers Cyber Risk Services offers threat monitoring, tools and services to help you plan to prevent one. Our short video explains.
24/7 access to the Cyber Risk Dashboard: Get access to resources and custom security recommendations.
Always-on threat monitoring and alerts: Help stop attacks before they escalate with tailored same-day threat alerts.
Expert guidance: Receive personalized, step-by-step recommendations from our in-house Cyber Risk Services team.
These services include what businesses are looking for:
of business leaders trust proactive and prevention cybersecurity guidance from insurance carriers more than third-party vendors or service providers.
55%
Team
Cyber
Risk
Help
21%
21
%
of large businesses lack cyber insurance
21%
21
%
of midsized businesses lack cyber insurance
46%
46
%
of small businesses lack cyber insurance
Companies of all shapes and sizes lack proper cyber coverage
Almost 80% of those surveyed say having cyber insurance is critical yet only 63% have reported buying cyber insurance.
Travelers has long been committed to managing and mitigating cyber risk. Our dedicated team of underwriters, Claim professionals and Cyber Risk Services specialists are ready to help insure and protect your business assets today.
Cyber Insurance Can Help
Your Business Be Prepared
Coverage and Services
*The frequency and severity of cyber insurance claims were found to be lower across all policyholder organizations that met a minimum threshold for engaging with the service offerings described above by registering their account on the Cyber Risk Dashboard.
Over half of survey respondents are more confident about the cyber guidance they receive from their carrier
Travelers cyber coverage with Travelers Cyber Risk Services, available at no additional cost for cyber policyholders, is shown to reduce the risk of a breach by almost 20%* with:
Always-on threat monitoring and tailored alerts
Expert guidance from our in-house Cyber Risk Services team
24/7 Cyber Risk Dashboard
Fighting Back
READ TRANSCRIPT
94% of businesses are familiar with MFA yet only 60% of survey participants use MFA to ensure that administrative users are validated prior to being granted access in the network.
See how MFA works
63% are keeping systems up to date
58% are backing up data
50% are filtering and scanning email
48% are implementing multifactor authentication (MFA)
47% are migrating to cloud
See how companies are fighting back after a breach
Preventative Tactics
Results show over half of all businesses surveyed do not:
Simulate cyberattacks to identify areas of �system vulnerability
Have a post-incident response team as part of an incident response plan
Use endpoint detection and response (EDR) tools
Have a written disaster recovery plan
Businesses need to take preparation seriously
The Basics
More than 20% of businesses are not even implementing basic best practices, such as:
Putting up firewalls
Changing passwords regularly
Patching known exploited vulnerabilities
Cover the basics in terms of cyber protection
Cyber Preparedness
Based on survey results, not enough companies are taking action to reduce the risk of becoming a cyber victim. In fact, many seem overconfident in their abilities to navigate the evolving cyber risk landscape. This false sense of security may increase their risk.
Effective measures businesses can take
Cyber Preparedness Can Help Reduce the Risk of Attacks
Cyber Victimization
23%
of the companies that reported falling victim to a cyber event had unauthorized access into operational or industrial control systems
140%
increase in companies reporting cyberattacks in the last 10 years
60%
of businesses that reported an attack were victimized �more than once
The proof is in the numbers
Cyber Trends
Almost half of all respondents worry about someone fooling employees into transferring company funds to a fraudulent account using SEF techniques.
From fake emails to urgent texts from “the CFO”, to fake ransomware letters with QR codes, to someone pretending to be IT support in a chat window, social engineering fraud starts with human trust but can lead to a major loss.
See how these attacks work
Trends in Social Engineering Fraud (SEF)
Cyber Concerns
Top cyber concerns of business leaders
Security breach/hackers
56%
Unauthorized access to financial accounts
55%
Compromise/theft of company/client records
53%
Security breaches/system glitch at a vendor
53%
Becoming a cyber extortion/ransomware victim
53%
Employees putting information/system at risk
51%
Top Cyber Concerns by Industry
Technology
#1
Global/political instability leading to a cyber event
#2
Unauthorized access to financial accounts
#3
Security breach/hackers
Top Cyber Concerns
42% Do not use endpoint detection and response (EDR) tools�37% Do not have a post-breach team�35% Do not have an incident response (IR) plan
28% Do not use multifactor authentication (MFA) for remote access
92% Believe having proper cybersecurity controls in place is critical yet:
Technology
Retail
#1
Unauthorized access
to financial accounts
#2
Compromise, theft or loss of client/customer records
#3
Security breaches/system glitch at a vendor
Top Cyber Concerns
65% Do not use endpoint detection and response (EDR) tools�62% Do not have a post-breach team�48% Do not have an incident response (IR) plan
40% Do not use multifactor authentication (MFA) for remote access
75% Believe having proper cybersecurity controls in place is critical ,yet:
Retail
Professional Services
#1
Security breach/hackers
#2
Having the resources and know-how to recover from cyber-related events
#3
Unauthorized access to financial accounts
Top Cyber Concerns
62% Do not have a post-breach team �54% Do not use endpoint detection and response (EDR) tools�51% Do not have an incident response (IR) plan
38% Do not use multifactor authentication (MFA) for remote access
75% Believe having proper cybersecurity controls in place is critical, yet:
Professional Services
Nonprofits
#1
Security breach/hackers
#2
Employees putting information or systems at risk
#3
Unauthorized access to financial accounts
Top Cyber Concerns
60% Do not have a post-breach team �57% Do not use endpoint detection and response (EDR) tools�53% Do not have an incident response (IR) plan
29% Do not use multifactor authentication (MFA) for remote access
73% Believe having proper cybersecurity controls in place is critical, yet:
Nonprofits
Manufacturing
#1
Unauthorized access to financial accounts
#2
Compromise, theft or loss of client/customer records
#3
Remote workers who may cause cyber events, system glitches or breaches
Top Cyber Concerns
57% Do not have a post-breach team�50% Do not use endpoint detection and response (EDR) tools�45% Do not have an incident response (IR) plan
25% Do not use multifactor authentication (MFA) for remote access
83% Believe having proper cybersecurity controls in place is critical, yet:
Manufacturing
Healthcare
#1
Security breach/hackers
#2
Compromise, theft or loss of client/customer records
#3
Having the resources and know-how to recover from cyber-related events
Top Cyber Concerns
62% Do not have a post-breach team �51% Do not use endpoint detection and response (EDR) tools�46% Do not have an incident response (IR) plan
37% Do not use multifact or authentication (MFA) for remote access
83% Believe having proper cybersecurity controls in place is critical, yet:
Healthcare
Construction
#1
Unauthorized access to
financial accounts
#2
Security breaches/system glitch at a vendor
#3
Security breach/hackers
Top Cyber Concerns
65% Do not use endpoint detection and response (EDR) tools�61% Do not have a post-breach team�45% Do not have an incident response (IR) plan
36% Do not use multifactor authentication (MFA) for remote access
76% Believe having proper cybersecurity controls in place is critical, yet:
Construction
Banking
#1
Unauthorized access to financial accounts
#2
Remote workers who may cause cyber events, system glitches or breaches
#3
Security breach/hackers
Top Cyber Concerns
45% Do not have a post-breach team�44% Do not use endpoint detection and response (EDR) tools�35% Do not have an incident response (IR) plan
34% Do not use multifactor authentication (MFA) for remote access
87% Believe having proper cybersecurity controls in place is critical, yet:
Banking
#1
28% had a system glitch
#2
27% had info/systems put at risk by employees using unsafe practices
#3
24% were targets of extortion/ransomware
#4
23% were victims of unauthorized access into operational or industrial control systems
#5
Top 5 cyber events experienced by businesses
Cyber Awareness Is Key to Fighting Back
Jump to a section
Cyber Insurance
Cyber Preparedness
Cyber Awareness
Business Concerns
The 2025 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.
Learn what perils top the list – and what can be done to help mitigate them.
The Travelers
Risk Index
60%
Cyber victims being hit multiple times
25%
Businesses reporting breaches
of medium-sized �businesses
%
1
of large �businesses
%
1
Businesses Express Significant �Worry About Cyber Threats
This year, cyber threats are the #1 business concern for medium and large companies.
For the 9th time in 10 years cyber victimization continues. More businesses are falling victim to cyber events, with 25% now reporting breaches and 60% �of victims being hit multiple times.
But despite the ongoing threats, basic cybersecurity gaps persist.
Cyber Risks Remain a Top Business Concern
23% were victims of unauthorized access into operational or industrial control systems
This year, cyber threats are the #1 business concern for medium and large companies.
For the 9th time in 10 years cyber victimization has increased. More businesses are falling victim to cyber events, with 25% now reporting breaches and 60% �of victims being hit multiple times.
But despite the ongoing threats, basic cybersecurity gaps persist.