Skip to main content

Cyber Self-Assessment

Identify your organisation’s cyber risk gaps and insurability with Marsh’s free cybersecurity risk assessment and report.

The first step to mitigating increasingly frequent and severe cyber threats is knowing the right actions and investments to prioritise. The Marsh Cyber Self-Assessment harnesses proprietary data and analytics capabilities to provide a highly accurate overview of your organisation’s cyber risk maturity and insurability, including strengths, weaknesses and gaps in your cybersecurity controls

The Marsh Cyber Self-Assessment is the only broker diagnostic accepted by insurers for quoting and binding, and is free for all organisations

  • Based on the inputs, the Cyber Self-Assessment report benchmarks your organisation’s cybersecurity controls against your industry peers and highlights the critical improvements required. 
  • Along with a scorecard, you will receive a detailed evaluation of the maturity of your cybersecurity program across the five functions (Identify, Protect, Detect, Respond, Recover) established by US National Institute of Standards and Technology (NIST) Cybersecurity Framework.
  • Your responses to the questionnaire can be used directly on applications for cyber insurance coverage, streamlining the placement process by saving you time needed to fill additional proposal forms. 

How the Marsh Cyber Self-Assessment works

Consisting of a diagnostic questionnaire and report, the Cyber Self-Assessment process is designed to be highly streamlined, secure, and efficient.

The Cyber Self-Assessment questionnaire is designed with the following features:

  • Collaborative and flexible: Multiple participants in your organisation can contribute to the same form simultaneously, with changes tracked on an activity log. Centralising your stakeholders’ inputs into a single application and allowing them to respond at their own convenience helps eliminate inefficiencies, redundancies and version control errors.
  • Easy-to-use: The assessment interface is optimised for user-friendliness, with the ability to save progress and add commentary for additional detail if needed.
  • Highly secure: Access to the form is controlled and login requires multi-factor authentication. Responses are encrypted and securely stored, ensuring a high level of data security and privacy.

Contributors to the Cyber Self-Assessment should include the organisation’s risk management, IT/information security and treasury/finance functions. The process brings together different points of view and serves as a starting point for building an enterprise-wide cyber risk management strategy.