For the third time in four years, cyber threats have been found to be the top overall concern for business decision makers, according to the 2022 Travelers Risk Index results.
Of the 1,200 survey participants, more felt that today’s business environment is riskier compared to a year ago, and more than half think a future cyber attack on their company or organization is inevitable.
Cyber threats again were the leading concern, but other issues were close behind, a change from 2021 when cyber held the top spot by 6 percentage points.
This year, 59% of survey respondents said that they worry some or a great deal about cyber threats, followed closely by broad economic uncertainty, fluctuations in oil and energy costs, the ability to attract and retain talent, and medical cost inflation.
Big jumps were seen this year relating to concerns in oil and energy costs and supply chain risks, due to current geopolitical events and the serious obstacles businesses and individuals are facing.
“Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions,” said Tim Francis, Enterprise Cyber Lead at Travelers.
“Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber event.”
Travelers argues that overconfidence in navigating the evolving cyber landscape is causing a false sense of security, with 93% of respondents stating that they were confident their company had implemented best practices to prevent or mitigate a cyber event.
But when asked whether their company had taken specific prevention measures, Travelers found that the majority had not, with 64% not using endpoint detection and response, 59% having not conducted a cyber assessment for vendors, and 53% having no incident response plan.
The cyber-specific concerns that stayed in the top two spots were suffering a security breach or someone hacking into a business computer system and a system glitch causing a company’s computers to go down.
Meanwhile, becoming a cyber extortion or ransomware victim moved from eighth position to third this year at 54%.
This year, 26% of survey respondents said their company had been a cyber victim, with nearly half of those (49%) reporting that the event had happened within the past 12 months, and 71% having been a victim more than once.
“Multiple cyber attacks might not be random – if you were vulnerable before and don’t take appropriate action as a result, you continue to be at risk,” Francis added. “It’s important to take the prospect of a cyber attack seriously and to put your company in position to successfully manage a likely event.”
