We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Risk in Context

Preparing for the Inevitable: 3 Steps to Building Cyber Resilience

Posted by Thomas Reagan April 24, 2017

You might consider a cyber-attack against your business to be a remote possibility. But attack methods become more sophisticated every day and organizations are more reliant than ever on technology to drive every aspect of their business. This means any organization is vulnerable to a cyber-attack.

To protect your key assets — and to keep your business running — you need to take a three-step approach to building cyber resilience.

1. Assess and Analyze

Cyber-attacks can impact businesses in several ways, from the loss of data and intellectual property to business interruption and more. To protect all your key assets and effectively manage cyber risk, it’s critical that you understand the cyber scenarios your organization is most likely to face — and how much they can cost your business.

To assess your cyber risk, you should:

  • Identify and inventory key assets — data, systems, and infrastructure — that are essential to your operations.
  • Review your internal controls and digital profile to identify internal vulnerabilities and external threats.
  • Value your cyber assets at risk using modeling and other data and technology tools.

By taking these steps, you can objectively measure your cyber risk, and incorporate quantitative data into your risk management decision-making.

2. Secure and Insure

Cyber risk may be a technology challenge, but it needs to be managed economically. And cyber risk should be viewed as an opportunity to improve performance and optimize capital efficiency — not just a cost to manage. A quantitative analysis enables you to more efficiently allocate capital and other resources to reduce and manage cyber risks.

It’s also important to balance your cybersecurity and other mitigation efforts with risk transfer in a way that aligns with your business strategy and risk appetite. Cyber insurance is a cost-effective way to shift cyber risk that you’re unable or unwilling to retain to the insurance market. Your insurance advisor can help you obtain cyber insurance that aligns with your existing property, casualty, and other towers — which may also offer coverage for cyber risks — and ensure that your policies’ terms, limits, and other elements deliver the right protection for your organization.

3. Respond and Recover

True cyber resilience means having the insight to anticipate a changing threat landscape, the agility to adapt and respond quickly to a cyber-attack, and the resources — financial and otherwise — to support the costs of recovery. Your proactive cyber risk planning should include a variety of internal resources and initiatives, including operational controls, employee training and education, and regular monitoring and testing. And a network of external advisors, including crisis strategists, forensic analysts, and attorneys, can provide you with expert advisory and critical support when you most need it.

For more information on how Marsh is #ReimaginingRisk at #RIMS2017 and our plans for the conference — including educational sessions, panel discussions, roundtables, and more — visit www.MarshatRIMS.com.

Related to:  Cyber Risk , Cyber Risk

Thomas Reagan

Tom oversees client advisory and placement services for cyber risk throughout the U.S. He also serves as the senior cyber advisor for some of Marsh’s largest clients.