What type of cyber threat are organizations experiencing the most?
Which part of your organization will benefit the most from cybersecurity protections?
How do the majority of cyberattacks happen?
How damaging can a cyberattack be?
Is Your Organization Cyber Secure?
“For years, ransomware was the No. 1 type of cybersecurity event experienced by organizations. Business email compromise attacks took the lead in 2022 and remain at the top of the list as of today. However, ransomware is close behind.”
Jennifer Coughlin
Founding Partner
Mullen Coughlin
Panelist, Travelers Institute Cybersecurity Symposium

“Over the past couple of decades, people have seen that cybersecurity is a part of every different step within the business.”
Ryan Hebert
Business Information Security Officer
New York Stock Exchange
Panelist, Travelers Institute Cybersecurity Symposium

Ken Morrison
Assistant Vice President
Cyber Risk Management
Travelers

“It is not at all unusual for companies – even small ones – to have ransom demands that are seven figures. They can be really crippling to any size organization.”
Tim Francis
Bond Specialty Insurance
Enterprise Cyber Lead
Panelist, Travelers Institute Cybersecurity Symposium
“Unfortunately, still 90% of all cyberattacks happen through a phishing email.”
Valerie Cofield
Chief Strategy Officer
Cybersecurity and Infrastructure Security Agency
Panelist, Travelers Institute Cybersecurity Symposium
“2018 to 2021 ransomware was No. 1 and No. 1 by a lot. But right now, we’re seeing business email compromises becoming No. 1.”
Jennifer Coughlin
Founding Partner
Mullen Coughlin
Panelist, Travelers Institute Cybersecurity Symposium
Cyberattacks are among the most serious risks facing your organization today. Becoming aware of the current state of cyber risk is a key first step in helping to protect your organization. The next step is implementing five readiness practices recommended by Travelers’ cyber experts.
Is Your Business Cyber Secure?
The overwhelming majority, more than 90%* of cyberattacks, start with a phishing email.
Cyberattacks are among the critical risks facing your organization today. To determine the types of security measures your organization will need to take to stay protected, you’ll first need to understand the state of cyber risk today.
*https://www.cisa.gov/stopransomware/general-information
5 Practices Organizations Should Implement to Be Cyber Ready

To help protect your organization, Travelers’ cyber experts recommend five practices that, used collectively, can provide a strong defense from an ever-changing range of cyber threats – before, during and after an event.

Learn about each of the five practices:

Multifactor Authentication (MFA)
MFA adds a layer of security by requiring the use of two or more authentication factors to verify the legitimacy of account access attempts. It can help prevent unauthorized access to your accounts, even if passwords are stolen. A popular form of MFA is having a code sent to a mobile device.
37% of U.S. business insurance decision-makers surveyed across a variety of industries and representing small, midsized and large companies do not use multifactor authentication for remote access.*

Incident Response (IR) Plan
An IR plan is a document that outlines an organization’s procedures, steps and responsibilities in the event of a cyberattack. It prioritizes mission critical functions, identifies the IT systems that support them and documents recovery and response actions to help quickly restore operations. A well-designed IR plan is a living, breathing document that should be regularly reviewed and updated.
47% of U.S. business insurance decision-makers surveyed across a variety of industries and representing small, midsized and large companies do not have an incident response plan.*

Back Up Data
Data backups are a critical part of cybersecurity. In the event of a cyberattack or data loss, having recent backups of your data can help ensure that critical information is not lost, which can lessen the impact on your organization. It is important to back up your data to a secure location, such as a cloud-based service, an off-site server or both.

Update Your Systems
Hackers often target vulnerabilities in outdated software and operating systems. It’s critical to keep your systems up to date with the latest security patches and software updates to help protect your organization from known vulnerabilities.

Endpoint Detection and Response (EDR)
EDR is a type of security software that looks at user behavior, checks for vulnerabilities, isolates suspicious computers or networks, alerts security operation teams and even performs initial forensic analysis. It can help protect an enterprise network by identifying suspicious activity before the rest of the corporate network is exposed to unnecessary risk. An EDR solution can provide far greater capabilities than a traditional antivirus solution, as it monitors for anomalous behavior on each system rather than simply searching for malware.
60% of U.S. business insurance decision-makers surveyed across a variety of industries and representing small, midsized and large companies do not use endpoint detection and response.*

*2024 Travelers Risk Index
48% of small, midsized and large U.S. insurance business decision-makers surveyed across a variety of industries do not use multifactor authentication for remote or admin access.*
*2023 Travelers Risk Index
64% of small, midsized and large U.S. insurance business decision-makers surveyed across a variety of industries do not use endpoint detection and response.*
*2023 Travelers Risk Index
53% of small, midsized and large U.S. insurance business decision-makers surveyed across a variety of industries do not have an incident response plan.*
*2023 Travelers Risk Index