Promoting cyber readiness – Travelers

Cyber threats place organisations of all sizes in the crosshairs of advanced and evolving attacks.

PwC’s 2024 Global Digital Trust Insights survey found that the proportion of businesses that have experienced a data breach costing more than $1m (£790,000) has climbed from 27% to 36% in the past year.

But such increases are avoidable – more than 30% of the companies surveyed don’t consistently follow standard cyber security practices, so there is ample room for them to strengthen their cyber defence.

At Travelers, we recommend organisations adopt a series of cyber readiness practices to achieve a “high five” in protecting sensitive data, trust and operations.

Start with an assessment:

• Know your environment. Build and maintain an inventory of all computing equipment, including networking devices, and the software running on them. You can’t protect what you don’t know about.
• Determine how your company identifies, assesses and mitigates data security and privacy risks.
• Conduct audits or reviews of the company’s data privacy and security measures.
• Interview internal IT professionals – chief data officer, information security officers, privacy officers and data stakeholders – or those of any third-party vendor that provides IT services, to determine the extent of your system’s data security and privacy protection.
• Identify deficiencies or risks and the next steps to promptly correct any issues.

Readiness procedures

Following the assessment, firms should also adopt these five cyber readiness practices to boost their cybersecurity.

1. Implement multifactor authentication (MFA) – MFA provides critical protection, particularly in combination with additional security. It should always be in place for all users to help prevent cybercriminals from accessing a business’s system.
2. Keep systems updated – an unpatched vulnerability is one of the easiest and most common methods used to compromise a computer system or network. Enable automatic updates where possible, replace unsupported systems and test and deploy available patches quickly.
3. Use endpoint detection and response (EDR) – an EDR solution protects against malicious attacks, providing a much stronger shield than a traditional antivirus solution. It can identify suspicious activity within the network before the rest of the network is exposed.
4. Have an incident response plan – a clearly defined, focused and co-ordinated approach to responding to cyber incidents can limit damage and hasten a return to normal. It also shows partners, suppliers and clients that you take cybersecurity seriously.
5. Back up your data – make copies of important data and system configurations and protect them. Data can include protected health information, payment information, personally identifiable information, intellectual property or other proprietary information. A best practice is to create one primary backup and two copies of the data, save these backups to two different types of media, then keep at least one backup file off-site and offline.

These steps – together with cyber insurance that offers pre and post cyber breach services – can help a business better anticipate, withstand and recover from a cyber event.