New CT study shows businesses are vulnerable to cyberattack. Here’s where weaknesses are. [Hartford Courant]

The Travelers Risk Index found that 58% of businesses that were surveyed worried some or a great deal about cyber breaches, placing the issue in nearly a three-way tie with rising medical costs, at 60%, and economic uncertainty, at 59%.

The index has been compiled annually since 2014 by insurance giant Travelers Cos., which underwrites cybersecurity coverage. The index is based on the responses of participants from 1,200 small-, medium- and large-sized companies nationally over a two-week period in June.

“Cyber risks have extremely serious consequences — one attack can weaken an organization or potentially put it out of business,” Tim Francis, enterprise cyber lead at Travelers, said, in a statement. “Fortunately, there are effective measures that companies can take to address vulnerabilities and successfully manage through a cyber event.”

A cybersecurity breach that was detected at the end of May is considered the largest cyberattack this year and in recent memory. The breach involved the transfer tool MOVEit that is owned by Boston-based Progress Software Corp. MOVEit is used by thousands of government agencies, public organizations and businesses to transfer often sensitive information over the internet.

Tens of thousands of CT residents have personal information scooped up in massive cybersecurity breach

The breach, affecting an estimated 1,100 businesses, was reportedly perpetrated by ClOp ransomware that raided MOVEit servers and stole customer data. The breach did not involve the companies themselves but third-party vendors hired by those companies who used MOVEit.

In Connecticut, alone, tens of thousands of consumers were affected by the MOVEit breach, exposing, in some cases, Social Security numbers, dates of birth and addresses. The insurance industry was particularly hard hit with 30 companies impacted and more than 225,000 individuals.

The survey, commissioned by Travelers and conducted online by Hart Research, found that more than half of those responding to the survey — 57% — had not conducted cyber assessments for their vendors.

In addition, at least 25% had not taken steps to install a firewall or virus protection or password updates. A total of 64% don’t use “endpoint detection” or conduct cyber assessments of their customers’ assets, 50% don’t have an incident response plan and 44% don’t use multistep authentication.

Nearly one-quarter of those responding said their company had experienced a cyberattack, and, of those, almost half said it had taken place in the last year.

Security breaches, typically when someone gains unauthorized access to a company’s computer system, is the most common cyberattack among companies of all sizes, accounting for almost a third of all attacks. But the survey also found that “phishing” emails that persuade an employee to take an action that will expose the company to an attack also are on the rise.

Francis said businesses are making strides in protecting themselves against cyberattack but all size businesses still remain vulnerable.

Kenneth R. Gosselin can be reached at [email protected].

©2023 Hartford Courant. Visit courant.com. Distributed by Tribune Content Agency, LLC.