Cyber threats remain the leading concern for large- and medium-sized businesses, according to the 2025 Travelers Risk Index. The annual survey explores a range of cyber-related topics, including the prevalence of attacks and the steps companies are taking to address vulnerabilities.
While cyber threats ranked as the top concern for larger firms, they placed third overall among businesses of all sizes, with 56% of respondents indicating they worry some or a great deal about the risk.
Broad economic uncertainty and medical cost inflation tied for the highest level of concern at 58%. Other significant issues included the impact of the global economy, cited by 53%, and supply chain risks, noted by 51%.
A security breach or hacking incident was identified as the primary cyber-related business concern. Despite this, the survey found a decline in the overall perception of risk. Only 40% of respondents said they believe the business environment is becoming more risky, down from 51% last year. Concern over cyber threats also fell, with 56% expressing worry, compared to 62% in 2024, marking the lowest level since 2020.
Among large companies, 62% of participants said they thought a cyberattack against their organization was inevitable, a decrease from 70% in the prior year. The survey also revealed that more than 20% of businesses had not implemented basic protective measures, such as firewall protection, data backups, regular password changes, or keeping software up to date.
“These findings provide a compelling snapshot of how people and companies view cyber threats and what they’re doing, if anything, to avoid becoming the next victim of a cyberattack,” said John Menefee (pictured above), vice president and enterprise cyber lead at Travelers.
Menefee said that awareness and the implementation of a cybersecurity program can distinguish businesses that avoid breaches from those that are affected by them.
The cyber insurance market is also undergoing notable changes. For the first time since 2018, US cyber insurance premiums declined, with the average premium for stand-alone cyber coverage falling by 6% in the first quarter of 2025.
This decrease is attributed to heightened competition among insurers, improved risk controls by policyholders, and a reduction in ransomware claims. The shift in pricing dynamics is prompting more businesses to evaluate their coverage needs and risk management strategies as the market adjusts to new realities.
At the same time, the nature of cyber threats continues to evolve. Experts have observed that attackers are becoming more selective, targeting high-value victims with increasingly sophisticated tactics.
While the overall frequency of attacks may not be rising sharply, the impact of successful incidents remains significant, often resulting in major operational and financial consequences for affected organizations.
“Companies need to stay vigilant and not take their eye off the ball, because the key to successful cyber mitigation is staying ahead of it,” said Lauren Winchester, vice president of cyber risk services at Travelers.
She warned that complacency could leave businesses exposed, emphasizing the importance of continued investment in cybersecurity.
Travelers’ survey also reported that 25% of respondents experienced a data breach or cyber event in the past year, up from 24% in 2024. This marks the ninth time in the last decade that the percentage of companies reporting a cyber incident has increased year-over-year.
What are your thoughts on this story? Please feel free to share your comments below.
