The Travelers Companies has released its 2025 Travelers Risk Index, painting a nuanced picture of how businesses across the United States view the evolving threat landscape. While large- and medium-sized companies still rank cyber threats as their number one concern, the survey reveals a paradox: fewer organizations than last year believe the business environment is becoming more risky, even as cyber incidents continue to rise.
The survey, which draws insights from more than 1,200 decision-makers across industries, highlights that 25% of businesses reported suffering a cyber event in the past year, up from 24% in 2024. Yet, the percentage of respondents who believe a cyberattack on their company is inevitable has fallen, particularly among large companies, where the number dropped from 70% in 2024 to 62% this year. This dip may reflect a sense of resilience or, more troublingly, creeping complacency.
Cyber ranked third overall among all business sizes, with 56% of respondents saying they worry some or a great deal about it, down from 62% in 2024. Broader economic forces, however, reclaimed the top spot, with both economic uncertainty and medical cost inflation tying at 58%. These were followed by global economic impacts (53%) and supply chain risks (51%). Still, when it comes to technology-related threats, the most pressing fear is a security breach or hacking incident.
The findings also expose worrying gaps in basic cyber hygiene. More than one in five companies reported not taking elementary steps such as enabling firewalls, keeping software up to date, or requiring regular password changes. As Lauren Winchester of Travelers Cyber Risk Services cautioned, “The worst thing a business can do is to become complacent. Don’t stop investing, because the bad actors aren’t stopping.”
Complementing the survey, the Travelers Institute will continue its cyber awareness efforts with two public events this October: a webinar on October 8 featuring Jeff Greene, former cyber leader at the White House and CISA, and a live symposium in Tulsa on October 20. Both will focus on practical strategies to prepare, prevent, mitigate, and restore in the face of cyber threats.
The 2025 Risk Index suggests a business community grappling with mixed signals—heightened economic anxieties on one hand, but a growing sense of normalcy around cyber risks on the other. Yet the steady rise in reported cyber incidents underscores the danger of letting guardrails slip. Awareness, investment, and proactive defense remain the dividing line between resilience and vulnerability in a landscape where complacency is as dangerous as the attacks themselves.
Leave a Reply