Skip to main content

Cyber Risk

Given the complexities and pervasiveness of cyber risk, organisations can benefit from experienced risk advice when managing their exposures. We can help you assess and quantify your cyber risk, prepare for and respond to cyberattacks, transfer your risk, and build lasting risk management and resilience.

Cyber risk is no longer a technology problem — it has become a constantly evolving systemic risk for organisations and societies that must be actively managed. With dramatic increases in remote work, supply chain interconnectivity, digitisation pressures, and critical infrastructure vulnerabilities, organisations are more exposed than ever. To thrive, they must move beyond protection to resilience.

Cyber threats impact every industry. Every business — large and small — is now managing cyber risk. There’s no one-size-fits-all answer either: with new digital transformation technologies comes an increased attack surface for cybercriminals to penetrate.

Many organisations look at cybersecurity as an operational or technology problem and are spending more every year on cybersecurity solutions. Yet the scale, frequency, and economic impact of cyber events — whether ransomware, supply chain attacks, or business interruptions — continues to grow.

For more than 25 years, Marsh’s Cyber Practice has been a global leader and trusted risk advisor, building and delivering best-in-class capabilities and solutions to help our clients understand, measure, and manage their cyber risk. We enable better strategic decision-making around your cyber risk through our advisory services and technologies for insurance, incident management, risk intelligence, and resilience optimisation.

Our core capabilities include:

  • Risk intelligence: Threat intelligence, risk-based economic modelling, and quantification tools to inform data-driven decision-making.
  • Insurance: Proprietary programs, products, and tools to inform and optimize cyber risk transfer.
  • Incident management: Preparation, management, and response capabilities to drive effective and efficient outcomes.
  • Cybersecurity: Product, service, and provider assessments, plus placement support, to reduce cyber indecision risk.

Whether you need help building an insurance program from the ground up or identifying best-for-you cyber vendors, Marsh advisors are your objective, insightful guides to help you navigate key moments on your cyber journey and build lasting resilience.

We enable better strategic decision-making around your cyber risk through our advisory services and technologies for insurance, incident management, risk intelligence, and resilience optimisation.

Related insights

Protect your digital possibility

You need the ability to reshape and rethink your cyber approach in a fast-changing threat landscape. Marsh is your “always-on” cyber partner to help make your path to cyber resilience more productive and predictive, and your outcomes more efficient.


years managing ground-up cyber risk programs


billion+ cyber premiums placed in 2021


dedicated cyber colleagues globally


Cyber insurance can help an organisation recover losses and associated costs resulting from large-scale breaches, business interruption, ransomware, and other types of cyberattacks.

Comprehensive cyber insurance coverage can provide you with resources and reimbursement for items such as legal fees, incident preparation and response support, employee training, forensics services, and breach notification services. Such insurance policies can also offer you coverage for first- and third-party costs and liabilities such as lost revenue and extra expenses, regulatory fines and penalties, data and hardware restoration and repair, and reputational harm.

Any company or public sector entity that uses technology or data faces cyber risk. The list of cyber risks challenging organisations today is expanding exponentially. Ransomware, for instance, is increasing in frequency, severity, and sophistication. But it’s just one of many cyber risks to be understood, measured, and managed.

With cyber insurance, you can create a tailored coverage program that transfers risk out of your organisation, as well as reduces balance sheet impact and volatility resulting from cyberattacks.

Having a comprehensive cyber risk insurance program in place, complemented by a risk management program, has never been more important to help your organisation appropriately manage its risk.

The cyberattacks dominating the headlines today are largely insurable. In those cases where companies bought insurance, coverage responded and claims were paid.

While terms and conditions can vary, a cyber insurance policy can include comprehensive coverage in advance of, during, and after a ransomware attack. It may cover, but is not limited to, incident response planning, breach notification services, and restoration and repair.

When it comes to cyber risk, businesses responding to a recent Marsh survey indicated they are most concerned about ransomware, regulatory risk, and supply chain risk. But only 18% of respondents indicated that they are highly prepared for cyber risk (Marsh Risk Resilience Report 2021).

Here’s what you should understand about these trends in relation to your own risk management.

  • Ransomware: Ransomware attacks are increasing in frequency, severity, and sophistication. These incidents not only have the potential to shut down day-to-day operations, but can also expose your business to the legal, reputational, and financial consequences of data leaks.
  • Regulatory risk: Privacy regulations are intensifying, and many organisations lack a comprehensive approach to managing them. Compliance requirements are proliferating, while fines continue to grow. General Data Protection Regulation (GDPR and Notifiable Data Breach (NDB) represent a handful of the many global, regional, and industry regulations with which companies may need to comply.
  • Supply chain: Attacks on the supply chain present an opportunity for an attacker to compromise many downstream organisations through a single entry point, making it an enticing target. As more organisations modernise and digitise, they open themselves up to more cyber risk.

Any organisation that uses technology or data has a cyber risk exposure. The list of cyber risks is endless, and disruptions to your business can have an enormous impact on your operations and the bottom line. But cyber, like any business risk, can be understood, measured, and managed.

When it comes to managing cyber risk and threat exposures, companies typically gravitate toward technology solutions, including security hardware and software, cyber consulting and penetration testing services, and cyber risk scorecards. However, despite spending millions, most organisations lack a true view of organisational cyber risk and its potential economic and operational impact on their business.

Our clients look to us for our unique ability to help them better manage cyber risk throughout their organisation and improve their resilience. We can help you quantify your cyber risk exposures with scenario-based loss modeling, benchmark potential cyber event losses and costs, consider the effectiveness of cybersecurity controls from a financial perspective, and assess the economic efficiency of multiple cyber insurance program structures.

Our people

Brylee Jaghbir

Brylee Jaghbir

Head of Cyber, Pacific

Placeholder Image

Gill Collins

Head of Cyber Incident Management and Cyber Consulting, Pacific

Placeholder Image

Hannah Morgans

Growth Leader, Cyber

  • Australia

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”