Benchmarking cyber resilience through stronger controls – Airmic and Marsh report

Published on Wed, 03/05/2023 - 11:46

Most organisations deploy at least five basic account monitoring and protection controls, according to data within a new cyber resilience report published by Airmic in association with Marsh.

Moves to improve cyber hygiene through stronger governance, systems and controls can help an organisation demonstrate to its insurer that it has a better grasp of cyber risk, as well as boosting the strength of risk management and resilience more generally.

That’s according to a new research paper on building cyber resilience, published in April 2023 by Airmic, in association with insurance broker Marsh.

Insurers are increasingly selective about the risks they underwrite, amid increased cyber-attacks and related claims, the report emphasises. Adopting cyber risk controls can be crucial in determining terms and pricing – and even whether coverage is secured at all.

“Organisations that understand the drivers of cyber risk and opportunity in the context of key stakeholders and their sector will be better equipped to successfully navigate the complexities of the evolving cyber threat landscape,” said Julia Graham, CEO of Airmic.

As with any risk, taking time to understand your cyber risk profile and how this compares to peers across a sector can reap material dividends, Airmic’s chief executive noted.

Nine out of ten clients deployed these five basic account monitoring and protection controls, according to analysis of data from Marsh UK clients conducted by the Marsh McLennan Cyber Risk Analytics Center.

  • Account monitoring: Accounts are disabled upon termination of an employee
  • Protection capabilities: Incoming emails are filtered/scanned for malicious attachments and links
  • Account monitoring: Minimum password requirements are in place
  • Protection capabilities: Anti-malware solutions are installed on at least 75% of endpoints and are regularly updated
  • Protection capabilities: Firewalls are configured to prevent unauthorised access, and the firewall configurations are reviewed at least annually.

“Presenting your organisation to insurers in the best possible way, demonstrating knowledge and awareness of the relevant risks and controls, makes good business sense — and is more likely to achieve cyber insurance cover at a price you are prepared to pay,” Julia said.

“In turn, controls built on proactive, threat-led cyber security solutions and well-rehearsed and realistic crisis scenarios can prevent increasingly capable criminals from forcing your business into situations that are difficult to navigate.

“In the long term, this approach will also prove the most effective and sustainable in building a secure, compliant, and resilient organisation in the digital age,” Julia added.
