General Insurance Article - Incident response planning is a key cybersecurity control


Despite being focused on post-breach activities, cyber incident response planning has emerged as a key cybersecurity control in reducing an organization’s likelihood of experiencing a breach-related claim, according to a new report from the Cyber Risk Intelligence Center (CRIC) of Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy, and people.

 The report Cybersecurity signals: Connecting controls and incident outcomes, found that organizations that regularly engage in tabletop exercises and scenario-based breach response drills are 13% less likely to experience a material cyber event than those that do not.

 Since launching its 2023 research into the correlation between the 12 cybersecurity controls tracked by the cyber insurance industry and the likelihood of a cyber claim, the CRIC has continued to analyse organisations’ cyber control implementation information from Marsh’s Cyber Self-Assessment against claims. This year, cyber incident response planning ranked as the fourth most effective control in decreasing an organization’s probability of experiencing a breach-based claim, behind endpoint detection and response (EDR), logging and monitoring, and cybersecurity awareness training and phishing testing.

 “Marsh has long advocated proactive cyber incident response planning as a tool to help organizations effectively and efficiently respond to and recover from a cyberattack,” said Tom Reagan, Global Cyber Practice Leader, Marsh. “What our latest research confirms is that thoughtful planning also drives secondary benefits like positive security behaviors and strong control implementations, which help build more organisational resilience and reduce breach incidents.”

 This year’s report also highlights the importance of effectively deploying and managing other key cybersecurity controls. For instance, the report found that each jump of 25% in EDR deployment across workstations and laptops was correlated with an additional 10% decrease in breach likelihood. Similarly, a multi-factor authentication (MFA) deployment that is resistant to phishing schemes is correlated with a 9% lower breach likelihood than MFA that is not.

 “Our findings emphasize that simply deploying key cybersecurity controls is no longer enough—these tools must be properly managed and comprehensively used,” said Scott Stransky, Head of Marsh McLennan’s CRIC. “By drawing on our insights, organizations can make informed decisions to strengthen their security frameworks and help reduce their exposure to cyber risks.”
  

Back to Index


Similar News to this Story

Cyber Insurance is next big product for commercial brokers
UK brokers believe that cyber insurance is the new or emerging commercial insurance product with the most growth potential. Significantly low cyber in
Davies names Richard Barke as CEO of Insurance Solutions
Davies, the leading specialist professional services and technology firm serving insurance and highly regulated markets, has announced the promotion o
Incident response planning is a key cybersecurity control
Despite being focused on post-breach activities, cyber incident response planning has emerged as a key cybersecurity control in reducing an organizati

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.