New York | August 27, 2025
Despite being focused on post-breach activities, cyber incident response planning has emerged as a key cybersecurity control in reducing an organization’s likelihood of experiencing a breach-related claim, according to a new report from the Cyber Risk Intelligence Center (CRIC) of Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy, and people.
The report Cybersecurity signals: Connecting controls and incident outcomes found that organizations that regularly engage in tabletop exercises and scenario-based breach response drills are 13% less likely to experience a material cyber event than those that do not.
Since launching its 2023 research into the correlation between the 12 cybersecurity controls tracked by the cyber insurance industry and the likelihood of a cyber claim, the CRIC has continued to analyze organizations’ cyber control implementation information from Marsh’s Cyber Self-Assessment against claims. This year, cyber incident response planning ranked as the fifth most effective control in decreasing an organization’s probability of experiencing a breach-based claim, behind network hardening techniques, endpoint detection and response (EDR), logging and monitoring, and cybersecurity awareness training and phishing testing.
“Marsh has long advocated proactive cyber incident response planning as a tool to help organizations effectively and efficiently respond to and recover from a cyberattack,” said Tom Reagan, Global Cyber Practice Leader, Marsh. “What our latest research confirms is that thoughtful planning also drives secondary benefits like positive security behaviors and strong control implementations, which help build more organizational resilience and reduce breach incidents.”
This year’s report also highlights the importance of effectively deploying and managing other key cybersecurity controls. For instance, the report found that each jump of 25% in EDR deployment across workstations and laptops was correlated with an additional 10% decrease in breach likelihood. Similarly, a multi-factor authentication (MFA) deployment that is resistant to phishing schemes is correlated with a 9% lower breach likelihood than MFA that is not.
“Our findings emphasize that simply deploying key cybersecurity controls is no longer enough—these tools must be properly managed and comprehensively used,” said Scott Stransky, Head of Marsh McLennan’s CRIC. “By drawing on our insights, organizations can make informed decisions to strengthen their security frameworks and help reduce their exposure to cyber risks.”
