Cyber Threats Top Business Risk Concern in 2024
Cyber threats have once again emerged as the top concern for business leaders, according to the 2024 Risk Index by Travelers. This marks the fourth time in six years that cyber risks have topped the list, after a record 62% of 1,200 surveyed business leaders cited it as a significant concern.
The annual survey polls decision-makers from various U.S. businesses about their primary worries. This year, cyber threats were followed by medical cost inflation (59%), increasing employee benefits costs (59%), broad economic uncertainty (59%) and the ability to attract and retain talent (54%).
The survey also found more than half — 51% — of leaders believe the current business environment is more risky, the highest percentage since the annual survey began in 2014.
Tim Francis, enterprise cyber lead at Travelers, noted that while the findings reflect an increased awareness of cyber threats, a significant number of businesses still choose not to secure cyber insurance, despite understanding the risks. Nearly 30% of the over 1,200 respondents reported their company did not have a cyber insurance policy.
“As much as [business owners] are concerned, its hard to keep track of all the changes in technology and threats that evolve. And sometimes you take all the reasonable steps that you can take to prevent these things from happening and they still do,” Francis said. “That’s the role we play, to help our customers through these things.”
At the same time, the percentage of businesses with a cyber insurance policy has seen considerable growth, rising to 65% in 2024 from 39% in 2018. This increase was observed across businesses of all sizes — small businesses jumping to 41% from 34%, midsize companies to 77% from 74%, and large businesses to 78% from 72%.
The survey also revealed a slight increase in the percentage of companies that have experienced a cyber incident, to 24% in 2024 from 23% in 2023 (though still below the peak of 26% in 2022). More than half of these incidents occurred within the past year, marking the eighth time in nine years that the percentage of companies suffering a data breach or cyber event has risen from the previous year.
Among those experiencing a cyber incident, the most common types of cyber events were a security breach (36%), extortion or ransomware (27%), employees putting information or systems at risk through unsafe computing practices (27%), a system glitch (26%), and employees being fooled into transferring funds to fraudulent accounts (25%).
The top cyber-related worries of business leaders were a security breach and unauthorized access to financial accounts or control systems, both listed by 57% of respondents. Other significant concerns included ransomware (54%), employees putting information or systems at risk through unauthorized or unsafe computing practices (53%), and system glitches (53%).
On the risk mitigation side, more than 4 in 5 respondents stated that having the right cyber controls and insurance in place is critical to their companies’ wellbeing, but while firewalls, multifactor authorization (MFA), data backups and password updates are slowly becoming more common, “it’s a little disturbing that [their adoption] isn’t at 100%,” Francis said, noting that 20% of respondents said their company hasn’t backed up data and 30% don’t use MFA. “It’s a little bit of a ticking bomb.”
Francis also noted how easy security measures like MFA are to implement. “Don’t be the low-hanging fruit. It’s not going to be foolproof, but at least give yourself a fighting chance,” he concluded. “If there’s one takeaway, it’s to emphasize the power of multifactor authentication as a tool to reduce exposure.”
Read the full report on the Travelers website. &