Skip to main content
Marsh logo

Report

How to use data to prioritise your cybersecurity budget

With so many tools available to manage cyber risk, how can you prioritise your spending to get the best return? Read our report to find out what cyber controls your industry peers are adopting and how well these controls work.

Download the report
Digital data technology

Report: New cybersecurity analytics data helps companies understand the impact of cyber events — and prioritise cybersecurity budgets effectively. 

Giving businesses exclusive insight into the relationship between cybersecurity controls and cyber insurance claims events using proprietary claims and incident datasets, Marsh McLennan’s Using data to prioritize cybersecurity investments report provides a valuable overview of how cybersecurity controls positively impact cybersecurity outcomes. 

The report pairs Marsh McLennan’s Cyber Risk Analytics Center’s extensive proprietary dataset of cyber events with hundreds of responses from the Marsh Cyber Self-Assessment (CSA)  questionnaire. The two cybersecurity analytics datasets highlight which cybersecurity controls have the greatest effect on decreasing the likelihood of a cyber event.

The insights in the report will help organisations prioritise their cybersecurity budget, develop robust strategic roadmaps on cybersecurity, and obtain cyber insurance.

Key highlights of the report:

  • Marsh identified 12 cybersecurity controls that are now assessed critically by cyber insurers, with organisations’ potential insurability at stake. While these controls have been established as critical to maintaining cyber resilience, many organisations may be slow to adopt some of them due to various reasons, such as cost and complexity.
  • For this study, we focused on nine controls that have a large impact on the frequency of a successful cyber event. We compared implementation rates for these nine controls based on CSA responses against respondents’ historical cyber event data.
  • Hardening techniques was identified to be most effective, as organisations with this control in place were about 6 times less likely to experience a cyber event compared to those that did not implement this control.
  • While privileged access management and patched systems were among the top five most effective controls, implementation rates for these controls were the lowest.

How to use this report:

  • Identify and prioritise the cybersecurity controls that are most effective and make more efficient use of your cybersecurity budget.
  • Gain a comprehensive understanding of why it is critical to implement cybersecurity controls broadly, and how tools like multi-factor authentication (MFA) can only have a strong positive impact when implemented fully. 
  • Measure the impact of key cyber risk controls and better inform your cyber resilience strategy with Marsh McLennan’s extensive proprietary claims and incident datasets.

Read the report  and take the first step to accurately prioritising your cybersecurity budget for enhanced cyber risk resilience. To assess your organisation’s cyber maturity, you can also request for the Cyber Self-Assessment (CSA) .