The 2025 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.
Learn what perils top the list – and what can be done to help mitigate them.
80% of those surveyed say having cyber insurance is critical, yet only 63% have reported buying cyber insurance.
Travelers has long been committed to managing and mitigating cyber risk. Our dedicated team of underwriters, Claim professionals and Cyber Risk Services specialists are ready to help insure and protect business assets today.
Cyber Insurance Can Help Businesses Be Prepared
Learn How to Get Ahead of Cyber Risks
Why Travelers for cyber liability insurance?
Business interruption
Cyber extortion
Betterment
Why Travelers for cyber liability insurance?
Travelers cyber coverage can be a crucial safeguard against the potentially devastating financial consequences of a cyberattack. Travelers can help businesses customize insurance solutions to their level of risk with coverage options to address:
Who needs cyber liability insurance?
Who needs cyber liability insurance?
Any type of business or organization that uses technology faces cyber risk. As technology becomes more complex and sophisticated, so do the cyber threats. That’s why it’s so critical to be prepared with both cyber liability insurance and an effective cybersecurity plan to help manage and mitigate cyber risk.
Why is cyber insurance necessary?
Why is cyber insurance necessary?
Cyber insurance can help cover costs associated with data breaches and cyberattacks. Those costs can include such things as lost income due to a cyber event, notifying customers affected by a breach, recovering compromised data, repairing damaged computer systems and more.
What is cyber liability insurance?
What is cyber liability insurance?
Cyber liability insurance provides a combination of coverage options and services to help businesses protect against data breaches and other cyber events and recover quickly if a cyberattack does take place.
Questions about cyber insurance
21%
21
%
of large businesses lack cyber insurance
21%
21
%
of midsized businesses lack cyber insurance
46%
46
%
of small businesses lack cyber insurance
Companies of all shapes and sizes lack proper cyber coverage
Forensic investigations
Litigation expenses
Regulatory defense expenses/fines
Crisis management expenses
Team
Cyber
Risk
Help
39%
150%
increase in companies reporting cyberattacks in the last 10 years
60%
of businesses that reported an attack were victimized �more than once
The proof is in the numbers
Trends in Social Engineering Fraud (SEF)
Almost half of all respondents worry about someone fooling employees into transferring company funds to a fraudulent account using SEF techniques.
From fake emails and urgent texts from the CFO, to fake ransomware letters with QR codes, to someone pretending to be IT support in a chat window, social engineering fraud starts with human trust but can lead to a major loss.
Top cyber concerns of business leaders
Security breach/hackers
56%
Unauthorized access to financial accounts
55%
Compromise/theft �of client records
53%
Security breaches/system glitch at a vendor
53%
Becoming a cyber extortion/ransomware victim
53%
Employees putting information/system at risk
51%
Cyber Concerns
Cyber Trends
Cyber Victimization
Top Cyber Concerns by Industry
Technology
#1
Global/political instability �leading to a cyber event
#2
Unauthorized access to financial accounts
#3
Security
breach/hackers
Top cyber concerns
42% do not use endpoint detection and response (EDR) tools�37% do not have a post-breach team�35% do not have an incident response (IR) plan
28% do not use multifactor authentication (MFA) for remote access
92% believe having proper cybersecurity controls
in place is critical, yet:
Technology
Retail
#1
Unauthorized access
to financial accounts
#2
Compromise/theft �of client records
#3
Top cyber concerns
65% do not use endpoint detection and response (EDR) tools�62% do not have a post-breach team�48% do not have an incident response (IR) plan
40% do not use multifactor authentication (MFA) for remote access
75% believe having proper cybersecurity controls
in place is critical, yet:
Retail
Professional Services
#1
Security breach/hackers
#2
Having the resources and know-how to recover from cyber-related events
#3
Unauthorized access to financial accounts
Top cyber concerns
62% do not have a post-breach team�54% do not use endpoint detection and response (EDR) tools�51% do not have an incident response (IR) plan
38% do not use multifactor authentication (MFA) for remote access
75% believe having proper cybersecurity controls
in place is critical, yet:
Professional Services
Nonprofits
#1
Security
breach/hackers
#2
Employees putting information or systems at risk
#3
Unauthorized access to financial accounts
Top cyber concerns
60% do not have a post-breach team�57% do not use endpoint detection and response (EDR) tools�53% do not have an incident response (IR) plan
29% do not use multifactor authentication (MFA) for remote access
73% believe having proper cybersecurity controls
in place is critical, yet:
Nonprofits
Manufacturing
#1
Unauthorized access to financial accounts
#2
Compromise/theft �of client records
#3
Remote workers who may cause cyber events, system glitches or breaches
Top cyber concerns
57% do not have a post-breach team�50% do not use endpoint detection and response (EDR) tools�45% do not have an incident response (IR) plan
25% do not use multifactor authentication (MFA) for remote access
83% believe having proper cybersecurity controls
in place is critical, yet:
Manufacturing
Healthcare
#1
Security breach/hackers
#2
Compromise/theft �of client records
#3
Top cyber concerns
62% do not have a post-breach team�51% do not use endpoint detection and response (EDR) tools�46% do not have an incident response (IR) plan
37% do not use multifactor authentication (MFA) for remote access
83% believe having proper cybersecurity controls
in place is critical, yet:
Healthcare
Construction
#1
Unauthorized access to financial accounts
#2
Security breaches/system glitch at a vendor
#3
Top cyber concerns
65% do not use endpoint detection and response (EDR) tools�61% do not have a post-breach team�45% do not have an incident response (IR) plan
36% do not use multifactor authentication (MFA) for remote access
76% believe having proper cybersecurity controls
in place is critical, yet:
Construction
Banking
#1
Unauthorized access to financial accounts
#2
Remote workers who may cause cyber events, system glitches or breaches
#3
Security
breach/hackers
Top cyber concerns
45% do not have a post-breach team�44% do not use endpoint detection and response (EDR) tools�35% do not have an incident response (IR) plan
34% do not use multifactor authentication (MFA) for remote access
87% believe having proper cybersecurity controls in place is critical, yet:
Banking
39% had a security breach – someone gaining unauthorized access
#1
28% had a system glitch or user error
#2
27% had info/systems put at risk by employees using unsafe practices
#3
24% were targets of extortion/ransomware
#4
23% were victims of unauthorized access into operational or industrial control systems
#5
Top 5 cyber events experienced by businesses
Cyber Awareness Is Key to Fighting Back
Understanding privacy laws and federal cybersecurity regulations
Having the resources and know-how to recover from cyber-related events
Security breaches/system glitch at a vendor
- Tim Francis, Travelers Enterprise Cyber Lead
It’s important that companies know the steps they can take to help avoid a cyberattack. �We’d like to see more businesses taking protective measures and utilizing tactics like multifactor authentication, endpoint detection and response and creating an incident response plan.
Cyber Preparedness
The Basics
Fighting Back
Preventive Tactics
Coverage and Services
86% of business leaders are confident in the proactive cybersecurity guidance from their insurance carriers
Businesses need to take preparation seriously
More than 20% of businesses are not implementing basic best practices, such as:
Putting up firewalls
Changing passwords regularly
Patching known exploited vulnerabilities
Cover the basics in terms of cyber protection
Based on survey results, not enough companies are taking action to reduce the risk of becoming a cyber victim.
Cyber Preparedness Can Help Reduce the Risk of Attacks
Effective measures businesses can take
63% are keeping systems up to date
58% are backing up data
50% are filtering and scanning email
48% are implementing multifactor authentication (MFA)
47% are migrating to cloud
See how companies are fighting back after a breach
See how MFA works
94% of businesses are familiar with MFA yet only 60% of survey participants use MFA to ensure that administrative users are validated prior to being granted access in the network.
READ TRANSCRIPT
of companies that reported falling victim to a cyber event had �a security breach
See how these attacks work
Travelers cyber coverage with Travelers Cyber Risk Services, available at no additional cost for cyber policyholders, is shown �to reduce the risk of a breach by almost 20%* with:
Always-on threat monitoring and tailored alerts
Expert guidance from our in-house Cyber Risk Services team
24/7 Cyber Risk Dashboard
*The frequency and severity of cyber insurance claims were found to be lower across all policyholder organizations that met a minimum threshold for engaging with the service offerings described above by registering their account on the Cyber Risk Dashboard.
Results show that over half of all businesses surveyed do not:
Simulate cyberattacks to identify areas �of system vulnerability
Have a post-incident response team as �part of an incident response plan
Use endpoint detection and response (EDR) tools
Transcript
READ TRANSCRIPT
Cyber Insurance
Cyber Preparedness
Cyber Awareness
Business Concerns
The Travelers
Risk Index
Watch Video
While businesses can’t plan for �a cyberattack, Travelers Cyber �Risk Services offers threat monitoring, tools and services �to help businesses plan to prevent one. Our short video explains.
24/7 access to the Cyber Risk Dashboard: Get access �to resources and custom security recommendations.
Always-on threat monitoring and alerts: Help stop attacks before they escalate with tailored same-day threat alerts.
Expert guidance: Receive personalized, step-by-step recommendations from our in-house Cyber Risk Services team.
of business leaders are confident in the proactive cybersecurity guidance from insurance carriers – a higher rate than their confidence in third-party vendors or service providers.
86%
These services include what businesses are looking for:
60%
Cyber victims being hit multiple times
25%
Businesses reporting breaches
This year, cyber threats are the No. 1 business concern for medium and large companies.
For the ninth time in 10 years, cyber victimization has increased. More businesses are falling victim to cyber events, with 25% now reporting breaches and 60% �of victims being hit multiple times.
But despite the ongoing threats, basic cybersecurity �gaps persist.
Cyber Risks Remain a Top Business Concern
Businesses Express Worry �About Cyber Threats
%
of medium-sized �businesses
of large �businesses
1
%
1
Understanding cybersecurity risks can go a long way toward protecting businesses. To learn more about Cyber coverage �options and tools, visit travelers.com/cyber.�