Of the 1,200 business leaders who participated in an insurer-sponsored survey, 55 percent said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54 percent), employee benefit costs (53 percent), the ability to attract and retain talent (46 percent) and legal liability (44 percent).
The Travelers Companies, which has been commissioning the 2019 Travelers Risk Index since in 2014, said this is the first time in its survey’s history that cyber has been the top concern among businesses of all sizes. With growing cyber threat concerns, a higher percentage of businesses are reporting taking proactive measures to safeguard against cyber risks. However, a sizable number have not implemented sufficient preventive best practices. The steps taken by respondents include: purchasing a cyber insurance policy (51 percent of survey participants, up from 39 percent last year), creating a business continuity plan in the event of a cyber attack (47 percent, up from 38 percent), taking a cyber risk assessment for themselves (49 percent, up from 45 percent) and their vendors (41 percent, up from 37 percent), and updating computer passwords (74 percent, up from 71 percent). Tim Francis, enterprise Ccyber lead at Travelers, said that while more businesses are taking steps to prevent a cyber event, “it’s still alarming that nearly half don’t have the proper insurance coverage.”
Less than a day
Referring to potentially devastating effects of a cyber-attack, Mr Francis said “taking the threat seriously and implementing a risk management program that addresses possible exposures can help a company not only avoid an attack but also recover from one as quickly as possible.” Since 2015, the percentage of small business respondents that have suffered a cyber-attack has tripled, from 4 percent to 12 percent this year. The Travelers results referred to a recent global report published by Marsh and Microsoft Corp, which found that although nearly 80 percent of organizations now rank cyber risk as a top-five concern, compared to 62 percent in 2017, a majority of board members and senior executives responsible for their organization’s cyber risk management spend less than a day a year focusing on cyber risk issues.