Cyber-threats are the number one concern for US business decision makers, beating worries over economic uncertainty, rising energy costs and hiring, according to insurance provider Travelers.
The firm polled over 1200 US business leaders to compile its 2022 Travelers Risk Index report.
This is the third time in four years that cyber has emerged as the top concern, with more than half (57%) of respondents believing a future cyber-attack on their organization is inevitable.
A quarter (26%) said their company had already been a breach victim, the seventh successive year this figure has risen.
The top two cyber-related concerns were suffering a security breach (57%), and a system glitch causing computers to crash (55%). Becoming a cyber-extortion victim rose from eighth position to third this year.
However, despite general concern about cyber-threats, business decision-makers may also be guilty of overconfidence in their organization’s security posture.
Nearly all respondents (93%) said they’re confident their company has implemented best practices to prevent or mitigate a cyber event. Yet most have not deployed endpoint detection and response tools (64%), they haven’t conducted a vendor cyber-assessment (59%), and don’t have an incident response plan (53%).
Further, while 90% said they’re familiar with multi-factor authentication (MFA), only 52% had implemented it for remote access.
This increasingly matters, not only to mitigate cyber-risk but also to reduce insurance premium costs and increase coverage.
“Cyber-attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions,” said Tim Francis, enterprise cyber lead at Travelers.
“Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber-event.”