

Cyber resilience: 12 key controls to strengthen your security

Take practical steps to build your cyber resiliency with Marsh’s 12 recommended cybersecurity controls, including their characteristics and requirements.

Cyberattacks continue to dominate news headlines, driven by a surge in ransomware events, which increased by an overwhelming 148% in 2021. The perpetrators of these attacks now demand multimillion-dollar ransom payments as they cripple a business’s operations, bringing them to a standstill until a payment is made.

As cyberattacks become more prolific, related insurance claims follow, meaning underwriters have been able to identify a correlation between certain controls and corresponding cyber incidents. Through this analysis and the continuous examination of relevant data points, the insurance industry has a rich understanding of the technical steps that organisations can take to build their cyber resiliency. 

However, due to the growth in attritional losses, insurers are now taking a much more cautious position. Insurers are tightening their underwriting terms, carefully analysing all cyber insurance applications, and asking more questions than ever before about an applicant’s cyber operating environment and risk controls.

The adoption of certain controls has now become a minimum requirement of insurers, with organisations’ potential insurability on the line. Organisations are undoubtedly placing more emphasis on controls than ever before to help mitigate their ransomware risks and improve their overall cybersecurity position and resilience.

Organisations are advised to implement a number of cyber hygiene controls that are key to achieving cyber resilience and insurability.

12 cyber security controls 

While these controls have been established best practice for several years, some companies are still struggling to adopt them — most often because they have been unable to justify the cost of implementation, did not deploy them comprehensively, or did not understand or see the need for controls. In many regulated industries where cyber resilience controls have been required for years, the effort was often more about checking a box than enhancing security.

Marsh has recommended 12 key cybersecurity controls, providing practical deep dives into their characteristics and requirements. Complete the form to receive three control deep dives each week over the next four weeks to help build your organisation’s cyber resilience.

This webpage is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy.  Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arranges this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.