We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:



Managing Your Cyber Risk Posture: From Risk Transfers to Business Continuity Management


Despite being 80 percent more likely to be targeted by hackers than the rest of the world, cyber risk mitigation efforts in the Asia-Pacific region are generally weak.  This can be seen in the low levels of awareness and insufficient cybersecurity investments.  It is also reflected in the lower than necessary cyber insurance adoption rates in Asia.

In this paper we begin by realigning the common misconceptions businesses have regarding cyber risk insurance. Then, we recommend a three-pronged approach, which details an action plan to demonstrate to organizations key considerations in moving towards a greater focus on cyber resilience:

  • Effective endpoint security management. First putting in place best practices in cyber-defense, including effective endpoint security and IT infrastructure. As the first line of defense, it is important to continuously upgrade to smarter endpoint security. This can be achieved via threat intelligence to scale up the capabilities of detection and prevention of cyber adversaries that continue to evolve and increase in frequency and severity.
  • Leverage on risk transfer. Managing the cost of remediation once a compromise has occurred, insurance is one of the many essential tools in the risk mitigation toolbox. However, businesses need to be fully aware of the implications cyber threats may bring before deciding which cyber insurance coverage is necessary and suitable for their organizations.
  • Make business continuity management plans. Businesses are also strongly encouraged to consider putting in place crisis management plans to ensure critical business activities are recovered and quickly resumed, to minimize operations and business interruptions.

Evolving with the emerging risks and uncertainties in our increasingly digitized world, organizations and businesses should continuously assess and improve their cyber risk understanding to help make informed strategic decisions around business operations.