As cyber security threats continue to evolve, more businesses are trusting insurers to offer guidance on proactive protection and prevention.
In fact, 86% of business leaders are confident in the cybersecurity guidance from insurance carriers—a higher rate than their confidence in third-party vendors or service providers, according to Traveler’s newest Risk Index.
While 80% of those surveyed by Travelers say having cyber insurance is critical, only 63% have reported buying cyber insurance, offering an opportunity for insurers to reach out to a concerned but underserved group. Of small businesses, 46% reported having no cyber coverage, and 21% of both midsize and large organizations are unprotected in case of a successful attack.
“These findings provide a compelling snapshot of how people and companies view cyber threats and what they’re doing, if anything, to avoid becoming the next victim of a cyberattack,” said John Menefee, vice president and enterprise cyber lead at Travelers. “Being aware of the risks and implementing a cybersecurity program that addresses areas of potential exposure can separate businesses that thrive from those derailed by devastating breaches.”
Most Concerning Cyber Risks
There has been a 150% jump in the number of cybercrimes reported in the last 10 years, with 60% of those attacked reporting multiple incidents.
Of the 1,200 business decision-makers across the country surveyed, many had already experienced cyberattacks and security breaches:
- 39% had a security breach – someone gaining unauthorized access
- 28% had a system glitch or user error
- 27% had info/systems put at risk by employees using unsafe practices
- 24% were targets of extortion/ransomware
- 23% were victims of unauthorized access to operational or industrial control systems
For the ninth time in the last 10 years, the percentage of respondents who said their company has suffered a cyber event was higher than the year before. This year, 25% said they had suffered a data breach or cyber event, compared with 24% in 2024.
Almost half of those responding to the Traveler’s survey are concerned about losing money in social engineering fraud (SEF) schemes, in which employees are convinced to transfer funds through texts or emails. In an SEF scam, bad actors impersonate higher-ups or IT in email, texts, or even chat, requesting funds or financial information that compromises security. These types of attacks are growing more prevalent as criminals use AI to create more convincing and urgent appeals.
More than half of business leaders are worried about security breaches and hackers (56%), unauthorized access to financial accounts (55%), compromise or theft of client records (53%), security glitches or beaches through a vendor (53%), cyber extortion and ransomware (53%) or employees putting information at risk or allowing a system breach (51%).
Respondents from large- and medium-sized companies ranked cyber as the top overall business concern, and it ranked third for businesses of all sizes, with 56% saying they worry some or a great deal. The top five overall concerns were:
- Broad economic uncertainty (58%)
- Medical cost inflation (58%)
- Cyber risks (56%)
- The impact of the global economy on a company (53%)
- Supply chain risks (51%)
The Role of Cyber Insurers
Insurers have an opportunity as trusted advisors to reach out to businesses to discuss and educate them on the growing threats cyberattacks can pose. Any organization using online technologies can fall victim to cybercrime, and different sectors face their own specific risks and concerns.
Although concerned, many companies don’t know where to start in improving their cybersecurity. More than 20% of businesses said their company had not taken simple protective steps, such as:
- Using firewall protection (24%).
- Backing up data and infrastructure (24%).
- Requiring password changes (29%).
- Keeping software up to date (29%).
Insurers can play a key role in not only helping insureds have the coverage they need in case of an attack, but also in devising security strategies and tactics to prevent attacks from happening or progressing. Education and security measures mitigate risks and lower costs.
“Companies need to stay vigilant and not take their eye off the ball, because the key to successful cyber mitigation is staying ahead of it,” said Lauren Winchester, vice president of cyber risk services at Travelers. “The worst thing a business can do is to become complacent. Don’t stop investing, because the bad actors aren’t stopping.”
Access the full report: 2025 Travelers Cyber Risk Index | Travelers Insurance. The annual report surveys more than 1,200 business decision-makers across the country on a variety of cyber-related topics.
Interested in Carriers?
Get automatic alerts for this topic.