Cyber Catalyst

Today, cyber risk presents a persistent and rapidly evolving threat to organizations across all industries. While the $150 billion cybersecurity marketplace offers many protections, understanding the available products and solutions is critical to informing risk management strategies and cybersecurity investments. 

Recognizing innovation and efficacy, the Cyber Catalyst by Marsh® program leverages the aggregated knowledge of leading cyber insurers to evaluate the effectiveness of cybersecurity products and solutions in reducing cyber risk.

Meeting an important market need

As the complex cyber threat environment and business risk landscape continue to evolve, navigating the cybersecurity marketplace is increasingly challenging. The Cyber Catalyst by Marsh® program is designed to provide organizations with greater clarity and confidence in choosing cybersecurity products in the face of growing uncertainty.

Delivering valuable insight into the market and insurer responses to cyber incidents, the program brings together leading insurers — including Allianz; AXA XL, a division of AXA; AXIS; Beazley; CFC; Munich Re; Sompo International; and Zurich North America — to evaluate cybersecurity products and services and designate “Cyber Catalysts,” those products and solutions deemed effective at reducing cyber risk.

Evaluation criteria and process

Now in its third year of Cyber Catalyst designees, the Cyber Catalyst program is characterized by a two-phase designation process, where participating insurers evaluate over 90 cybersecurity products and solutions. The most recent round targeted products and solutions in the following top five threat categories identified by the participating insurers: ransomware, supply chain/vendor management, cloud migration and management, social engineering, and privacy regulation/data collection. The candidate products and solutions are being evaluated along the following criteria:

  • Reduction of cyber risk: Demonstrated ability to address major enterprise cyber risk such as data breach, theft, or corruption; business interruption; or cyber extortion. 
  • Key performance metrics: Demonstrated ability to quantitatively measure and report on factors that reduce the frequency or severity of cyber events. 
  • Viability: Client-use cases and successful implementation. 
  • Efficiency: Demonstrated ability of users to successfully implement and govern the use of the product to reduce cyber risk. 
  • Flexibility: Broad applicability to a range of companies/industries. 
  • Differentiation: Distinguishing features and characteristics. 

In designating the Cyber Catalysts, the insurers vote independently on each solution. Marsh does not participate in Cyber Catalyst designation decisions.

Insurance policies and endorsement wordings

Organizations that adopt Cyber Catalyst-designated solutions may be considered for enhanced terms and conditions on individually negotiated cyber insurance policies with participating insurers.  

Marsh has worked with each participating insurer to establish endorsement wordings that reflect coverage enhancements that those insurers might offer to Marsh clients that adopt one or more Cyber Catalyst designated solution.

Implementation principles

When considering potential policy enhancements, participating insurers will expect organizations to implement Cyber Catalyst-designated products or services in a certain manner. To that end, participating insurers work with vendors whose solutions are Cyber Catalyst-designated to develop “implementation principles” for each product or service.  

Disclaimer: The Cyber Catalyst designation is not a guarantee of performance or certification of cybersecurity prevention or protection. The “Cyber Catalyst" designation reflects the consensus view of Cyber Catalyst-participating insurers that the product or service can be effective in reducing cyber risk. Those insurers express no view on the scope, terms or pricing of those products or services. The decision to use a third-party vendor's product or service with the Cyber Catalyst designation is made solely by customers that purchase and/or use the product or service. Neither Marsh nor any participating insurer(s) shall be a party to, or be subject to any obligations or liabilities set forth in, any agreement entered into between any vendor and its customer. Third-party cybersecurity vendors are not agents of Marsh or any participating insurer. Marsh and participating insurers make no warranties or guarantees of any kind, express or implied, and assume no liability arising out of or relating to any service or product rendered or provided by any vendor to its customer.