Skip to main content

Cyber Risk

Assess, quantify, and transfer cybersecurity risk, prepare for and respond to cyberattacks, and maintain lasting cyber resilience.

Cyber risk is not simply a security or technology issue. Rather, it is an enterprise-wide, strategic business issue. There is no single, one-size-fits-all path to cyber resilience. As the scale, frequency, and economic impact of cyber events continue to grow, organizations must regularly reconsider and optimize their cyber risk strategies.

For more than 25 years, Marsh’s Cyber Practice has been a global leader in cyber risk and cybersecurity consulting, helping our clients understand, measure, and manage their cyber risk. Our core capabilities include:

  • Risk intelligence: Threat intelligence, risk-based economic modeling, and quantification tools to inform data-driven decision-making.
  • Insurance: Proprietary programs, products, and tools to inform and optimize cyber risk transfer.
  • Incident management: Preparation, management, and response capabilities to drive effective and efficient outcomes.
  • Cybersecurity: Product, service, and provider assessments, plus placement support, to reduce cyber indecision risk.

Whether you need help building an insurance program from the ground up or identifying best-for-you cyber vendors, Marsh advisors are your objective, insightful guides to help you navigate key moments on your cyber journey and build lasting resilience.

Our expertise

Protect your digital possibility

You need the ability to reshape and rethink your cyber approach in a fast-changing threat landscape. Marsh is your “always-on” cyber partner to help make your path to cyber resilience more productive and predictive, and your outcomes more efficient.


years managing ground-up cyber risk programs


billion+ cyber premiums placed in 2021


dedicated cyber colleagues globally


Cyber insurance can help an organization recover losses and associated costs resulting from:

  • Large-scale breaches
  • Business interruption
  • Ransomware
  • Other types of cybersecurity attacks


Comprehensive cyber insurance coverage can provide you with resources and reimbursement for items such as:

  • Legal fees
  • Incident preparation and response support
  • Employee training
  • Forensics services
  • Breach notification services

Such insurance policies can also offer you balance sheet protection for first- and third-party costs and liabilities such as:

  • Lost revenue and extra expenses
  • Regulatory fines and penalties
  • Data and hardware restoration and repair
  • Reputational harm

Any company or public sector entity that uses technology or data faces cyber risk, and the list of cyber risks challenging organizations today is expanding exponentially. Ransomware, for instance, is increasing in frequency, severity, and sophistication. But it’s just one of many cyber risks to be understood, measured, and managed.

With cyber insurance, you can create a tailored coverage program that transfers risk out of your organization and reduces balance sheet impact and volatility resulting from cyberattacks.

Having a comprehensive cyber risk insurance program in place — complemented by a risk management program — has never been more important to help your organization properly manage its risk.

The cybersecurity attacks dominating the headlines today are largely insurable. In those cases where companies bought insurance, coverage responded, and claims were paid.

While terms and conditions can vary, a cyber insurance policy can include comprehensive coverage in advance of, during, and after a ransomware attack. It may cover, but is not limited to, incident response planning, breach notification services, and restoration and repair.

Businesses responding to a recent survey indicated that the most common attacks they faced were ransomware, phishing/social engineering, and privacy breaches. The same survey also revealed that nearly 75% of those organizations had experienced a breach in the past year.

Here’s what you should understand about these trends in relation to your own risk management.

  • Ransomware: Ransomware attacks are increasing in frequency, severity, and sophistication. These incidents not only have the potential to shut down day-to-day operations, but can also expose your business to the legal, reputational, and financial consequences of data leaks.
  • Phishing/social engineering: Specifically, employees working from home have dramatically expanded the cyberattack surface and made these types of attacks far more common.
  • Privacy risk: Privacy regulations are intensifying, and many organizations lack a comprehensive approach to managing them. While the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are the most notable in the US, other comprehensive consumer data privacy laws must be accounted for. With each new law introduced, more consumers are covered — and the regulatory exposure footprint for enterprises increases dramatically.

Any organization that uses technology or data has potential cybersecurity exposure. The list of cyber risks is endless, and disruptions to your business can have an enormous impact on your operations and the bottom line. But cyber, like any business risk, can be understood, measured, and managed.

When it comes to managing cyber risk and threat exposures, companies typically gravitate toward technology solutions, including cybersecurity hardware and software, cybersecurity consulting and penetration testing services, and cyber risk scorecards. However, despite spending millions, most organizations lack a true view of organizational cyber risk and its potential economic and operational impact on their business.

Our clients look to us for our unique ability to help them better manage cyber risk throughout their organization and improve their resilience. We can help you:

  • Quantify your cyber risk exposures with scenario-based loss modeling.
  • Benchmark potential cyber event losses and costs.
  • Consider the effectiveness of cybersecurity controls from a financial perspective.
  • Assess the economic efficiency of multiple cyber insurance program structures.

Our people

Tom Reagan

Thomas Reagan

Cyber Practice Leader, Marsh

Placeholder Image

Meredith Schnur

Managing Director, US Cyber Brokerage Leader, Marsh

  • United States