Building materials company develops an integrated approach to manage cyber crises

The challenge

A large building materials company in Asia had the foresight to purchase cyber risk insurance, but felt it could use a more refined and integrated cyber crisis management strategy. They felt it was important to engage their senior leadership in the process, without overwhelming them.

The solution

The company engaged Marsh’s Advisory Solutions team to facilitate a cyber crisis management exercise, develop playbooks, and review incident response plans. The final step in this engagement was a simulation of a cyber crisis exercise for their executive leadership team.

Marsh’s Advisory specialists mapped out a work plan encompassing three main areas:

Develop cyber incident scenarios and response playbooks

We helped the company work through a comprehensive set of cyber risk scenarios, with a particular emphasis on high-priority incidents, such as ransomware attacks and large data breaches. This phase of scenario development included the creation of playbooks for responding to these high-priority events. The playbooks were built within a framework that allows for continuous improvement over time.

Provide education and training

Another key focus area involved educating and training staff and leadership on incident response best practices. The goal was to further cement the roles that various people and departments within the organisations would be expected to play during a “real life” situation.

Conduct tabletop exercises with executives

Engaging Marsh’s Advisory cyber crisis management team as senior facilitators, the company’s executive leadership took part in a dedicated tabletop simulation to better understand the roles they would be expected to play during a cyber incident.

The results

The client received a comprehensive set of cyber incident playbooks and the knowledge to adjust them over time as cyber risk—and the organisation—evolves. The executive leadership was targeted to ensure they would have the training to be fully engaged during a potential incident.

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. LCPA 23/377

“Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”