Dive Brief:
- Half of surveyed contractors don’t have cyber insurance, a new survey from New York City-based insurance firm Travelers found.
- The 2024 Travelers Risk Index, which began publishing in 2014, asks business insurance decision-makers from U.S. companies of various sizes and industries about the issues that worry them most, according to a news release announcing the results. This iteration, conducted by Hart Research, counted 1,202 respondents across eight industries.
- For the fourth time in six years, cyber threats ranked as the top concern for survey participants. A record number of participants, 62%, say they worry some or a great deal about cyber risks.
Dive Insight:
The survey breaks down results by industry. For contractors, the top fear was hackers gaining unauthorized access to financial accounts. Second was the failure to operate the company due to cyber events, and third was a security breach or hackers.
Despite these concerns, however, contractors still lag behind. Although 80% of respondents in the industry believe that having proper cybersecurity controls in place is critical:
- 70% do not use endpoint detection and response tools.
- 70% do not have a post-breach team.
- 56% do not have an incident response plan.
- 50% lack cyber insurance.
- 45% do not use multifactor authentication for remote access.
“The findings speak to the business community’s greater awareness of cyber threats and the catastrophic damage, both operational and financial, a cyberattack can have on a company,” said Tim Francis, enterprise cyber lead at Travelers. “What’s troubling is that while more businesses are securing cyber insurance as a tool to mitigate vulnerabilities, many still elect not to — despite knowing the risks.”
Historically, construction has been vulnerable to cyber threats, and the survey results arrive in the backdrop of two recent incidents. Last year, a hack targeted commercial construction underwriter Builders Mutual Insurance Co., which affected the personal information of 64,761 customers, current employees and former workers.
Additionally, in September, cybersecurity firm Huntress discovered an emerging threat for users of Foundation Software, which offers accounting services to contractors.
Citing the report, Travelers published a cybersecurity guide that recommended companies take actions such as conducting audits or reviews of data privacy and security measures; interviewing in-house or third-party IT professionals about data security and privacy protection capabilities of a system; and enacting safeguards such as multi-factor authentication, endpoint detection and response and data backup.