Most businesses fall short in cyberattack prevention

Most businesses have not taken steps to prevent or mitigate cyberattacks despite expressing confidence that they have implemented best practices, according to a survey by Travelers Cos. Inc. issued Tuesday.

At least 25% of businesses are not even implementing the most basic practices such as firewall/virus protection, data backup and password updates, according to the 2023 Travelers Risk Index.

Among the more than 1,200 U.S. executives surveyed, a much higher percentage don’t implement other effective cybersecurity controls, Travelers said.

Some 64% said they don’t use endpoint detection and response and 44% don’t utilize multifactor authentication for remote access, Travelers said.

In addition, some 57% percent don’t conduct cyber assessments of vendors or customers’ assets (56%) and 50% don’t have an incident response plan.

Among survey respondents, 58% said they worry some or a great deal about cyber, ranking it just behind concerns about medical cost inflation (60%) and broad economic uncertainty (59%).

“Cyber risks have extremely serious consequences – one attack can weaken an organization or potentially put it out of business. Fortunately, there are effective measures the companies can take to address vulnerabilities,” Tim Francis, enterprise cyber lead at Travelers, said in a statement.

Nearly one-quarter (23%) of survey participants said their company had suffered a cyberattack, with almost half (49%) of those occurring in the last year.