The first step to mitigating increasingly frequent and severe cyber threats is knowing the right actions and investments to prioritise. The Marsh Cyber Self-Assessment harnesses proprietary data and analytics capabilities to provide a highly accurate overview of your organisation’s cyber risk maturity and insurability, including strengths, weaknesses and gaps in your cybersecurity controls.
The Marsh Cyber Self-Assessment is the only broker diagnostic accepted by insurers for quoting and binding, and is free for all organisations
- Based on the inputs, the Cyber Self-Assessment report benchmarks your organisation’s cybersecurity controls against your industry peers and highlights the critical improvements required.
- Along with a scorecard, you will receive a detailed evaluation of the maturity of your cybersecurity program across the five functions (Identify, Protect, Detect, Respond, Recover) established by US National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Your responses to the questionnaire can be used directly on applications for cyber insurance coverage, streamlining the placement process by saving you time needed to fill additional proposal forms.
How the Marsh Cyber Self-Assessment works
Consisting of a diagnostic questionnaire and report, the Cyber Self-Assessment process is designed to be highly streamlined, secure, and efficient.
The Cyber Self-Assessment questionnaire is designed with the following features:
- Collaborative and flexible: Multiple participants in your organisation can contribute to the same form simultaneously, with changes tracked on an activity log. Centralising your stakeholders’ inputs into a single application and allowing them to respond at their own convenience helps eliminate inefficiencies, redundancies and version control errors.
- Easy-to-use: The assessment interface is optimised for user-friendliness, with the ability to save progress and add commentary for additional detail if needed.
- Highly secure: Access to the form is controlled and login requires multi-factor authentication. Responses are encrypted and securely stored, ensuring a high level of data security and privacy.
Contributors to the Cyber Self-Assessment should include the organisation’s risk management, IT/information security and treasury/finance functions. The process brings together different points of view and serves as a starting point for building an enterprise-wide cyber risk management strategy.
How the Cyber Self-Assessment works
Step 1: Collaborate across your cyber risk ecosystem to complete the assessment
To complete the Cyber Self-Assessment, involve key stakeholders across your organisation, including risk management, IT/information security, and finance to gauge diverse perspectives.
The questionnaire covers a broad range of cybersecurity domains such as network security, data protection, and incident response. It is designed to evaluate the most critical cyber risks your business faces today, while accounting for current insurance market dynamics.
Step 2: Gain access to your tailored insights and benchmarking
Once you complete the Cyber Self-Assessment, Marsh provides the following value-added reports:
- Cybersecurity maturity rating: Evaluates your maturity across the five functions of the NIST Cybersecurity Framework.
- Top cybersecurity controls analysis: Provides ratings for your key cybersecurity controls, assessed from the perspective of insurers.
- Peer benchmarking: Compares your cybersecurity maturity and control ratings against industry peers who have also completed the assessment.
- [New] Cyber insurance placement analytics: Uses industry and revenue data to model potential losses from ransomware, business interruption and privacy breach events. You can apply different insurance scenarios to assess the effectiveness of various strategies and inform your purchasing decisions.
For deeper insights, advanced or tailored analyses are also available through Marsh’s Cyber Risk Quantification service.
Step 3: Apply for cyber insurance with confidence
Once you’ve completed the assessment, Marsh helps you apply for cyber insurance with multiple insurers. As a Marsh cyber client, you also gain access to additional tools:
- Cyber incident platform: Provides a secure means to communicate with stakeholders, orchestrate incident response activities, and segment access to communications and documents when a cyber incident occurs.
Why Marsh
Marsh Asia is the only broker offering a full suite of market-leading cyber resilience capabilities, supported by a team of over 25 Asia-based former underwriters, lawyers, actuaries, cyber advisors, and claims specialists.
We provide an integrated suite across insurance, risk intelligence, claims and incident management, and cybersecurity, backed by practical tools like Cyber Self-Assessment (used by over 500 Asian companies) and Cyber Risk Quantification to translate risk into financial impact, with global cyber premiums exceeding US$4B in 2024.