Evolving threats and new digital developments make cyber a top concern for large technology, banking and professional services businesses, second only to the inflation of medical costs, the study found.
Given these concerns, it’s not surprising that 52% of survey respondents believe that suffering a cyber-attack is inevitable; however, the fact that a majority of those surveyed reported not taking adequate steps to protect the business raises alarm.
More than 1,000 companies participated in the survey, which found that 55% of businesses have not completed a cyber-risk assessment. In addition to not assessing their own risks, 63% of respondents also said they have not completed a cyber-risk assessment on vendors who have access to their data.
Well over half (62%) have not developed a business continuity plan, leaving them with no outline of the steps the organization should take in the event of a breach. Despite this lack of preparation, only 50% of survey respondents have cyber insurance.
“Cyber risks carry serious consequences for any business, threatening everything from revenue to operations,” said Tim Francis, enterprise cyber lead at Travelers, said in a press release. “These findings reveal some surprising things about how companies view their cyber exposures, their relative confidence in dealing with them and the clear opportunity that exists for them to be better prepared for a cyber-attack.”
The survey also found an increase in the number of businesses that have actually fallen victim to a cyber-attack. The number of participants citing they had been a victim doubled from 10% in 2015 to 20% in 2018.
Additionally, concerns over operational software systems being remotely hacked, insufficient resources to recover from a cyber incident and falling victim to cyber extortion increased by 5% since last year.