We're sorry but your browser is not supported by Marsh.com.au

For the best experience, please upgrade to a supported browser:


Research and Briefings

Advancing Cyber Risk Management: From Security to Resilience


Large-scale cyberattacks, growing anxieties about cyber threats, broadening attack surface areas, lengthy dwell times (especially in the Asia-Pacific region), and lagging investments all point to a critical urgency for cyber resilience in this digital age.  A strong cyber resilience culture can set an organization apart from its peers in managing risk, minimising damage, and recovering quickly from a cyber incident.  And yet, in 2018 while the total cost of cyber crimes grew by a third compared to 2016, to US$600 billion, investment in cyber security increased only 10% over the same period.


Recent high-profile events have shown that traditional cyber defense strategies, such as antivirus software, firewalls and password protection, can be ineffective and insufficient.  While it is not practical to expect organizations to stay ahead of every threat, they must be nimble enough to keep pace with the evolving threat landscape and infiltration techniques, emerging threat vectors and the speed of digital transformation, as well as policy changes. In addition cyber laws and regulations across the globe are changing quickly, revealing additional layers of fiduciary responsibilities organizations must assume.

For organizations who want to adopt an end-to-end cyber risk management approach, this report highlights the following three “calls to action”:

  • Understand cyber risks from a business perspective and assess the nature of any potential cyber-related losses – know your threats.
  • Measure the financial impact of cyber exposures and quantify how much is acceptable across the organization – know yourself.
  • Manage the insurance and recovery process by having a clear action plan based off your capabilities and capacities – know what you can do.

Cyberattacks are inevitable but impactful data breaches and system compromises do not have to be. 

Proper preparation is essential and sets a resilient organization apart from the rest in managing cyber risks, minimizing damages, and swiftly recovering from breach incidents.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.