Latest Travelers Risk Index shows that the majority of US organizations do not have a business continuity plan
- Published: Tuesday, 25 September 2018 07:59
The Travelers Companies, Inc., has published the results of the 2018 Travelers Risk Index; an annual survey of US-based businesses which looks at current threats and preparedness.
The survey of 1,201 decision makers representing a range of industries and company sizes found the percentage of businesses reporting they have been the victim of a cyber attack has doubled since the previous survey. Additionally, 52 percent of respondents believe that suffering a cyber attack is inevitable.
Interestingly, while 91 percent of respondents reported being confident that their companies have implemented best practices to avoid a cyber event, the same leaders also indicated that:
- 62 percent have not developed a business continuity plan;
- 55 percent have not completed a cyber risk assessment for their businesses;
- 63 percent have not completed a cyber risk assessment on vendors who have access to their data; and
- 50 percent do not purchase cyber insurance.
Other key findings from the 2018 Travelers Risk Index include:
- The percentage of respondents who think the current business environment is more risky continues to decrease. In 2018 it was 36 percent, compared to 41 percent in 2016 and 48 percent in 2014.
- Overall, the concern about cyber risk is second only to medical cost inflation, however, it is the top concern of large businesses and in sectors such as technology, banking and professional services.
- The percentage of businesses that have been the victim of a cyber attack has increased. In 2015, 10 percent of study participants said they had been a cyber victim; that number has doubled in 2018.
- Compared to last year’s survey, the three biggest cyber concerns remain the same: security breach, system glitch and unauthorized access to bank accounts.
- Three other cyber-related concerns – operational software systems being remotely hacked, not having the resources to recover from a cyber event and cyber extortion – saw a jump of at least 5 percentage points from last year.
- Over the past few years, multiple third-party reports have shown that small businesses suffer the majority of cyber attacks, yet these businesses are the most likely to report not having cyber insurance coverage. Although small businesses may be a frequent target, 74 percent of survey respondents from small businesses said they did not purchase cyber insurance.