What type of cyber threat are organizations experiencing the most?
Which part of your organization will benefit the most from cybersecurity protections?
How do the majority of cyberattacks happen?
How damaging can a cyberattack be?
Is Your Organization Cyber Secure?
“For years, ransomware was the No. 1 type of cybersecurity event experienced by organizations. Business email compromise attacks took the lead in 2022 and remain at the top of the list as of today. However, ransomware is close behind.”
“Over the past couple of decades, people have seen that cybersecurity is a part of every different step within the business.”
“It is not at all unusual for companies – even small ones – to have ransom demands that are seven figures. They can be really crippling to any size organization.”
Jennifer Coughlin
Founding Partner
Mullen Coughlin
Panelist, Travelers Institute Cybersecurity Symposium
Ryan Hebert
Business Information Security Officer
New York Stock Exchange
Panelist, Travelers Institute Cybersecurity Symposium
Ken Morrison
Assistant Vice President
Cyber Risk Management
Travelers
Tim Francis
Bond Specialty Insurance
Enterprise Cyber Lead
Panelist, Travelers Institute Cybersecurity Symposium
The overwhelming majority, more than 90%* of cyberattacks, start with a phishing email.
Cyberattacks are among the critical risks facing your organization today. To determine the types of security measures your organization will need to take to stay protected, you’ll first need to understand the state of cyber risk today.
*cisa.gov
Learn about each of the five practices:
To help protect your organization, Travelers’ cyber experts recommend five practices that, used collectively, can provide a strong defense from an ever-changing range of cyber threats – before, during and after an event.
Multifactor Authentication (MFA)
MFA adds a layer of security by requiring the use of two or more authentication factors to verify the legitimacy of account access attempts. It can help prevent unauthorized access to your accounts, even if passwords are stolen. A popular form of MFA is having a code sent to a mobile device.
Incident Response (IR) Plan
An IR plan is a document that outlines an organization’s procedures, steps and responsibilities in the event of a cyberattack. It prioritizes mission critical functions, identifies the IT systems that support them and documents recovery and response actions to help quickly restore operations. A well-designed IR plan is a living, breathing document that should be regularly reviewed and updated.
Back Up Data
Data backups are a critical part of cybersecurity. In the event of a cyberattack or data loss, having recent backups of your data can help ensure that critical information is not lost, which can lessen the impact on your organization. It is important to back up your data to a secure location, such as a cloud-based service, an off-site server or both.
Update Your Systems
Hackers often target vulnerabilities in outdated software and operating systems. It’s critical to keep your systems up to date with the latest security patches and software updates to help protect your organization from known vulnerabilities.
Endpoint Detection and Response (EDR)
EDR is a type of security software that looks at user behavior, checks for vulnerabilities, isolates suspicious computers or networks, alerts security operation teams and even performs initial forensic analysis. It can help protect an enterprise network by identifying suspicious activity before the rest of the corporate network is exposed to unnecessary risk. An EDR solution can provide far greater capabilities than a traditional antivirus solution, as it monitors for anomalous behavior on each system rather than simply searching for malware.
5 Practices Organizations Should Implement to Be Cyber Ready
54%
34%
45%
of U.S. business insurance decision-makers surveyed across a variety of industries and representing small, midsized and large companies do not use multifactor authentication for remote access.*
of U.S. business insurance decision-makers surveyed across a variety of industries and representing small, midsized and large companies do not use endpoint detection and response.*
of U.S. business insurance decision-makers surveyed across a variety of industries and representing small, midsized and large companies do not have an incident response plan.*
*2025 Travelers Risk Index
Conclusion
Awareness about cyber readiness has never been more important.
By implementing the five cyber readiness practices recommended here, you can help boost your organization’s cybersecurity and be better prepared to defend against the ever-evolving threat of a cyberattack.