Fewer Companies Taking Cyberrisk Mitigation Steps

Hilary Tuttle


November 2, 2020

Concerns about threats and the volume of cyberattacks experienced have increased during the pandemic, yet fewer companies have taken steps to mitigate cyberrisk than even a year ago, according to the 2020 Travelers Risk Index. Of the 1,200 business leaders surveyed, 22% said their company had experienced a cyber event this year. Overall, broad economic uncertainty was the greatest worry for respondents, but cyber ranked first for large and medium-sized businesses, and for enterprises in the health care, technology, nonprofit and public sector industries.

Yet only 48% said their organization had used intrusion detection software, 47% conducted a cyberrisk assessment, 37% formally assessed vendors’ cyber vulnerability, and 42% had written a business continuity plan for responding to cyberattacks. “With more employees relying on their ability to connect with company systems from remote locations, and many consumers preferring online transactions in an age of social distancing, it’s more important than ever for companies to do all they can to mitigate exposure to cyber threats,” said Tim Francis, enterprise cyber lead at Travelers.

Hilary Tuttle is managing editor of Risk Management.