The 2019 Travelers Risk Index has found that cyber risks are the top concern among businesses of all sizes for the first time since the survey began in 2014.

Of the 1,200 business leaders who participated in the survey, 55% said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%).

As concerns about cyber threats have grown, a higher percentage of businesses across nearly every industry reported taking proactive measures to safeguard against cyber risks, the survey says — although a sizable percentage have not implemented such preventive best practices. The steps taken by respondents include:

• Purchasing a cyber insurance policy (51% of survey participants, up from 39% last year).
• Creating a business continuity plan in the event of a cyber attack (47%, up from 38%).
• Taking a cyber risk assessment for themselves (49%, up from 45%) and their vendors (41%, up from 37%).
• Updating computer passwords (74%, up from 71%).

“The Travelers Risk Index shows that more businesses are taking steps to prevent a cyber event, but it’s still alarming that nearly half don’t have the proper insurance coverage,” said Tim Francis, Enterprise Cyber Lead at Travelers. “One cyber attack can put a company out of business. Taking the threat seriously and implementing a risk management program that addresses possible exposures can help a company not only avoid an attack but also recover from one as quickly as possible.”

Since 2015, the percentage of small business respondents who have suffered a cyber attack has tripled, from 4% to 12% this year. Increases are also being reported among medium-sized companies (10% in 2015 to 20% this year) and large businesses (from 19% to 33%).

“More companies are experiencing cyber attacks,” Francis said. “The cost of a single breach to a small business can easily reach a substantial amount of money on top of the time it takes to restore the business, so protecting a company’s assets with a cyber insurance policy is critical.”

Other findings include:

• Suffering a security breach and a third party gaining unauthorized access to bank accounts were tied as the biggest cyber-specific worry among businesses. The third-highest cyber-specific concern was an extortion or a ransomware attack, which increased to 52% from 44% in 2018. Last, 43% of respondents said social engineering scams were a concern, up from 36% last year.
• While there is greater awareness of cyber risks generally, one in four survey participants didn’t believe their business would suffer a cyber attack, and thus opted not to purchase a cyber insurance policy. The top reason for not purchasing a cyber insurance policy, cited by 31% of respondents, was the expense.
• Three-fourths of survey participants agreed that having the proper cyber prevention tools in place is critical to the well-being of the business, an increase from 69% in 2018.
• Nearly 80% of respondents admitted that it is difficult to keep up with the ever-changing cyber landscape.
• The percentage who said today’s business environment was more risky remained at 36%.