Cyber risks top the business worries for banking and financial services, healthcare, technology and professional services companies, and nonprofit organizations. Large businesses report greater concerns over cyber risks than midsized and small businesses.

With hackers and their exploits growing more sophisticated, today’s cyber breaches target both technology and the people who use it. Viruses, spear phishing emails and social engineering schemes seek the weakest link to gain access to sensitive data. The cyber concerns of businesses reflect this. Businesses are more concerned about malicious/criminal attacks (53%) than system glitches (20%) or human error (27%).

Large businesses report a higher incidence of breaches, with not quite 1 in 4 saying they have had a breach. Large businesses are also more concerned about cyber risks than businesses of all sizes. With 69% of large businesses citing cyber risk as a concern, it leads the list of business worries for this group. Midsized businesses are somewhat less concerned, with 58% describing cyber risk as something they worry a great deal or some about. Less than half of small businesses (44%) reported similar concerns.

At 56%, cyber, computer and technology risk was the second-highest business risk again this year. Specific cyber worries include a security breach, such as someone hacking into the company’s computer system (50%); the company’s computers becoming damaged or going down (48%); and someone gaining access to the company’s banking accounts or financial control systems (47%).

Despite these concerns, only 18% of businesses reported buying separate cyber coverage. Nearly half (45%) reported the belief that they were covered by other insurance policies. Just under a quarter (23%) said they didn’t need cyber insurance because of other protective measures. Thirteen percent of businesses reported being unsure whether they had cyber insurance.