Cyber Risk

Site language selector

Canada(English) Canada(English)
Canada (Français) Canada(French)
United States(English) United States(English)
Brasil (Português) Brazil(Portuguese)
Argentina(Español) Argentina(Spanish)
Chile(Español) Chile(Spanish)
Colombia(Español) Colombia(Spanish)
República dominicana(Español) Dominican Republic(Spanish)
Mexico(Español) Mexico(Spanish)
Panamá(Español) Panama(Spanish)
Perú(Español) Peru(Spanish)
Puerto Rico(Español) Puerto Rico(Spanish)
Puerto Rico(English) Puerto Rico(English)
Uruguay(Español) Uruguay(Spanish)
Venezuela(Español) Venezuela(Spanish)
China(English) China(English)
China(Chinese) China(Chinese)
Hong Kong SAR(English) Hong Kong SAR(English)
India(English) India(English)
Indonesia(English) Indonesia(English)
Korea(English) Korea(English)
Malaysia(English) Malaysia(English)
Philippines(English) Philippines(English)
Singapore(English) Singapore(English)
Taiwan(English) Taiwan(English)
Taiwan(Chinese) Taiwan(Chinese)
Thailand(English) Thailand(English)
Vietnam(English) Vietnam(English)
Japan(English) Japan(English)
日本(日本語) Japan(Japanese)
United Kingdom(English) United Kingdom(English)
Ireland(English) Ireland(English)
Austria(English) Austria(English)
Österreich (Deutsch) Austria(German)
Azerbaijan(English) Azerbaijan(English)
Belgium(English) Belgium(English)
Belgique (Français) Belgium(French)
België(Nederlands) Belgium(Dutch)
Bulgaria(English) Bulgaria(English)
Croatia(English) Croatia(English)
Cyprus(English) Cyprus(English)
Czech Republic(English) Czech Republic(English)
Czech Republic(Czech) Czech Republic(Czech)
Denmark(English) Denmark(English)
Denmark(Danish) Denmark(Danish)
Estonia(English) Estonia(English)
Finland(English) Finland(English)
France(English) France(English)
France (Français) France(French)
Germany(English) Germany(English)
Deutschland (Deutsch) Germany(German)
Greece(English) Greece(English)
Hungary(English) Hungary(English)
Hungary(Hungarian) Hungary(Hungarian)
Israel(English) Israel(English)
Italy(English) Italy(English)
Italia(Italiano) Italy(Italian)
Kazakhstan(English) Kazakhstan(English)
Kazakhstan(Kazakh) Kazakhstan(Kazakh)
Kazakhstan(Russian) Kazakhstan(Russian)
Latvia(English) Latvia(English)
Lithuania(English) Lithuania(English)
Luxembourg(English) Luxembourg(English)
Luxembourg(Français) Luxembourg(French)
Netherlands(English) Netherlands(English)
Nederland(Nederlands) Netherlands(Dutch)
Norway(English) Norway(English)
Poland(English) Poland(English)
Poland(Polish) Poland(Polish)
Portugal(English) Portugal(English)
Portugal (Português) Portugal(Portuguese)
Romania(English) Romania(English)
Romania(Romanian) Romania(Romanian)
Serbia(English) Serbia(English)
Slovakia(English) Slovakia(English)
Slovakia(Slovak) Slovakia(Slovak)
Slovenia(English) Slovenia(English)
Spain(English) Spain(English)
España (Español) Spain(Spanish)
Sweden(English) Sweden(English)
Turkey(English) Turkey(English)
Turkey(Turkish) Turkey(Turkish)
Ukraine(English) Ukraine(English)
Botswana(English) Botswana(English)
Malawi(English) Malawi(English)
Namibia(English) Namibia(English)
Nigeria(English) Nigeria(English)
South Africa(English) South Africa(English)
Uganda(English) Uganda(English)
Zambia(English) Zambia(English)
Bahrain(English) Bahrain(English)
Egypt(English) Egypt(English)
Morocco(English) Morocco(English)
Maroc(Français) Morocco(French)
Oman(English) Oman(English)
Qatar(English) Qatar(English)
Saudi Arabia(English) Saudi Arabia(English)
Tunisia(English) Tunisia(English)
United Arab Emirates(English) United Arab Emirates(English)
Australia(English) Australia(English)
New Zealand(English) New Zealand(English)
Papua New Guinea(English) Papua New Guinea(English)
Fiji(English) Fiji(English)

Cyber risk is not simply a security or technology issue. Rather, it is an enterprise-wide, strategic business issue. There is no single, one-size-fits-all path to cyber resilience. As the scale, frequency, and economic impact of cyber events continue to grow, organizations must regularly reconsider and optimize their cyber risk strategies.

For more than 25 years, Marsh’s Cyber Practice has been a global leader in cyber risk and cybersecurity consulting, helping our clients understand, measure, and manage their cyber risk. Our core capabilities include:

Risk intelligence: Threat intelligence, risk-based economic modeling, and quantification tools to inform data-driven decision-making.
Insurance: Proprietary programs, products, and tools to inform and optimize cyber risk transfer.
Incident management: Preparation, management, and response capabilities to drive effective and efficient outcomes.
Cybersecurity: Product, service, and provider assessments, plus placement support, to reduce cyber indecision risk.

Whether you need help building an insurance program from the ground up or identifying best-for-you cyber vendors, Marsh advisors are your objective, insightful guides to help you navigate key moments on your cyber journey and build lasting resilience.

Cyber Insurance

03/22/2023

Risk Intelligence

11/08/2022

Cyber Incident Management

06/07/2022

Cybersecurity

03/16/2023

Podcast

Risk in Context Podcast: Debunking common cyber insurance myths

03/28/2023

Article

Strengthen cybersecurity with 12 key controls

01/26/2023

Article

Addressing catastrophic cyber risk

12/16/2022

Article

Signs of improvement in third quarter of 2022

10/07/2022

FAQs

Cyber insurance can help an organization recover losses and associated costs resulting from:

Large-scale breaches
Business interruption
Ransomware
Other types of cybersecurity attacks

Comprehensive cyber insurance coverage can provide you with resources and reimbursement for items such as:

Legal fees
Incident preparation and response support
Employee training
Forensics services
Breach notification services

Such insurance policies can also offer you balance sheet protection for first- and third-party costs and liabilities such as:

Lost revenue and extra expenses
Regulatory fines and penalties
Data and hardware restoration and repair
Reputational harm

Any company or public sector entity that uses technology or data faces cyber risk, and the list of cyber risks challenging organizations today is expanding exponentially. Ransomware, for instance, is increasing in frequency, severity, and sophistication. But it’s just one of many cyber risks to be understood, measured, and managed.

With cyber insurance, you can create a tailored coverage program that transfers risk out of your organization and reduces balance sheet impact and volatility resulting from cyberattacks.

Having a comprehensive cyber risk insurance program in place — complemented by a risk management program — has never been more important to help your organization properly manage its risk.

The cybersecurity attacks dominating the headlines today are largely insurable. In those cases where companies bought insurance, coverage responded, and claims were paid.

While terms and conditions can vary, a cyber insurance policy can include comprehensive coverage in advance of, during, and after a ransomware attack. It may cover, but is not limited to, incident response planning, breach notification services, and restoration and repair.

Businesses responding to a recent survey indicated that the most common attacks they faced were ransomware, phishing/social engineering, and privacy breaches. The same survey also revealed that nearly 75% of those organizations had experienced a breach in the past year.

Here’s what you should understand about these trends in relation to your own risk management.

Ransomware: Ransomware attacks are increasing in frequency, severity, and sophistication. These incidents not only have the potential to shut down day-to-day operations, but can also expose your business to the legal, reputational, and financial consequences of data leaks.
Phishing/social engineering: Specifically, employees working from home have dramatically expanded the cyberattack surface and made these types of attacks far more common.
Privacy risk: Privacy regulations are intensifying, and many organizations lack a comprehensive approach to managing them. While the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are the most notable in the US, other comprehensive consumer data privacy laws must be accounted for. With each new law introduced, more consumers are covered — and the regulatory exposure footprint for enterprises increases dramatically.

Any organization that uses technology or data has potential cybersecurity exposure. The list of cyber risks is endless, and disruptions to your business can have an enormous impact on your operations and the bottom line. But cyber, like any business risk, can be understood, measured, and managed.

When it comes to managing cyber risk and threat exposures, companies typically gravitate toward technology solutions, including cybersecurity hardware and software, cybersecurity consulting and penetration testing services, and cyber risk scorecards. However, despite spending millions, most organizations lack a true view of organizational cyber risk and its potential economic and operational impact on their business.

Our clients look to us for our unique ability to help them better manage cyber risk throughout their organization and improve their resilience. We can help you:

Quantify your cyber risk exposures with scenario-based loss modeling.
Benchmark potential cyber event losses and costs.
Consider the effectiveness of cybersecurity controls from a financial perspective.
Assess the economic efficiency of multiple cyber insurance program structures.