According to the 2022 Travelers Risk Index results, cyber threats have been identified as the top overall concern for business decision makers for the third time in four years.
More participants believe today’s business environment is riskier than a year ago, and more than half believe a future cyber attack on their company or organization is unavoidable.
Cyber threats were the top concern once again, but other issues trailed closely behind, a shift from 2021, when cyber held the top spot by 6 percentage points.
This year, 59% of survey respondents are concerned about cyber threats, followed by broad economic uncertainty, fluctuations in oil and energy costs, the ability to attract and retain talent, and medical cost inflation.
This year has seen significant increases in concerns about oil and energy costs, as well as supply chain risks, as a result of current geopolitical events and the serious obstacles that businesses and individuals are facing.
“Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions,” said Tim Francis, Enterprise Cyber Lead at Travelers.
“Effective measures that have been shown to reduce the risk of becoming a cyber victim are available, but these survey results show that not enough companies are taking action.” It’s never too late to take these precautions, and they can help businesses avoid a devastating cyber event.”
According to Travelers, overconfidence in navigating the evolving cyber landscape is creating a false sense of security, with 93% of respondents believing their company had implemented best practices to prevent or mitigate a cyber event.
When Travelers asked if their company had taken specific prevention measures, the majority had not, with 64% not using endpoint detection and response, 59% not conducting a cyber assessment for vendors, and 53% having no incident response plan.
The top two cyber-specific concerns remained a security breach or someone hacking into a business computer system and a system glitch causing a company’s computers to go down.
Meanwhile, becoming a cyber extortion or ransomware victim moved from eighth position to third this year at 54%.
This year, 26% of survey respondents reported that their company had been a cyber victim, with nearly half (49%) reporting that the event occurred within the previous 12 months and 71% reporting that they had been a victim more than once.
“Multiple cyber attacks may not be random – if you were vulnerable previously and did not take appropriate action as a result, you remain at risk,” Francis added. “It is critical to take the threat of a cyber attack seriously and to position your company to successfully manage such an event.”