Newsletters
Risk Central
Digital EditionCyber Threats Top Business Concerns as Attack Rates Surge 150% Over Decade
Cyber threats have emerged as the top concern for medium and large U.S. businesses, with reported attacks increasing 150% over the past decade and one in four companies now experiencing breaches, according to the 2025 Travelers Risk Index survey.
The survey reveals a troubling pattern of escalating cyber victimization across businesses of all sizes. For the ninth time in 10 years, cyber incidents have increased, with 25% of businesses reporting breaches, according to the survey report. More concerning, 60% of cyber victims experience multiple attacks, suggesting that once compromised, organizations become repeat targets, the report added.
Security breaches involving unauthorized access represent the most common cyber event, affecting 39% of businesses. This is followed by system glitches or user errors at 28%, and employee-related security risks at 27%. Nearly a quarter of businesses (24%) have faced extortion or ransomware demands, while 23% report unauthorized access to operational or industrial control systems.
Preparedness Gaps Leave Organizations Exposed
Despite widespread recognition of cyber risks—with 66% of large businesses and 60% of medium-sized businesses expressing concern—significant preparedness gaps persist. Business leaders identify security breaches and unauthorized financial access as their top worries, each cited by more than half of respondents. Client record theft, vendor system breaches, and ransomware attacks round out the primary concerns at 53% each.
Top cyber concerns varied by industry, the survey found. Unauthorized access to financial accounts was the No. 1 concern of respondents in banking, construction, manufacturing and retail. A security breach/hackers was the top cyber concern of respondents in health care, nonprofits and professional services. For technology forms, global/geopolitical instability leading to a cyber event was the top concern.
Strategic Response Required to Counter Evolving Threats
The survey findings underscore the need for comprehensive cybersecurity strategies that go beyond basic awareness.
“Being aware of the risks and implementing a cybersecurity program that addresses areas of potential exposure can separate businesses that thrive from those derailed by devastating breaches,” said John Menefee, vice president and enterprise cyber lead at Travelers.
The survey showed that over half of all businesses surveyed do not:
- Simulate cyberattacks to identify areas of system vulnerability.
- Have a post-incident response team as part of an incident response plan.
- Use endpoint detection and response (EDR) tools.
View the full report here. &
