October is Cybersecurity Awareness Month, and with cybercrime a growing concern as COVID-19 has forced most of the world to go digital, the importance of cyber risk mitigation is making itself increasingly clear.

Out of the more than 1,200 business leaders surveyed, 22%—the highest percentage since the survey's start in 2014—said their firm was the victim of a cyber event, according to the 2020 Travelers Risk Index. Yet, despite cyber threats being a top concern for large and medium-sized businesses, fewer companies took steps to mitigate cyber risks than they did in 2019.

In the survey, businesses indicated they do not implement basic prevention practices, such as training employees on cybersecurity awareness or enhancing cybersecurity monitoring and early warning. Moreover, only slightly more than half (55%) of businesses have purchased a cyber insurance policy. 

Why the decline in businesses taking steps to mitigate risk, even as cybercrime grows?

“According to the survey participants, cost is a factor, and so is the thought that their company won't become a cyber victim," says Tim Francis, enterprise cyber lead at Travelers. “Some said they have too many other things to worry about, and some feel they already have adequate protections in place."

With business leaders feeling overwhelmed with other challenges presented by COVID-19, or simply underestimating the risk and their response, independent agents should be at the ready to guide their clients through the potential threats and solutions.

Out of the biggest cyber concerns that agents should make their commercial clients aware of, Francis highlights, “Ransomware," which “continues to be a dangerous threat, with the frequency and severity of those attacks up significantly in 2020."

But ransomware isn't the only concern. “Cyber threats are constantly evolving and becoming more sophisticated," Francis says. “Others include data breaches or someone gaining unauthorized access to financial accounts or records. There's also a scheme called social engineering fraud, where a cybercriminal tricks an employee into transferring company funds to a fraudulent account."

Francis also points out another emerging cyberattack trend in which cybercriminals are taking advantage of the elevated number of remote workers. “Bad actors gain access to an employee's device and then lurk until the employee returns to the corporate office setting where the criminal might do damage on a much larger scale."

Agents can encourage clients to take several steps to reduce cyber risk. “Resources might be harder to come by because of the environment we're in, but many of the actions that can reduce cyber risks, such as changing passwords, come at no cost," Francis says. He recommends starting with:

• Firewall and virus protection
• Updating computer passwords
• Data backup processes
• Hacker intrusion detection software
• Staff training on computer and data security
• Multifactor authentication for cloud services
• Cyber assessments on both company and vendors
• Written business continuity plan

“Any of these actions will help, but together, they can provide a substantial defense against cybercrime and the costs associated with suffering a cyber event," Francis says. “The potential consequences of suffering a cyberattack are too severe to not address any vulnerabilities."

As independent agents navigate the cyber liability market for their clients, Francis adds that it's key that they “know the product and the options that are available. We've heard from some consumers that they weren't aware of a standalone cyber insurance product and assumed any kind of cyberattack would be covered by a policy they'd already secured. Many times, that's not the case."

AnneMarie McPherson is IA news editor.