Cyber incident response planning has emerged as an important cybersecurity control in reducing an organisation's likelihood of experiencing a breach-related claim, according to a new report from the Cyber Risk Intelligence Center (CRIC) of Marsh McLennan.
The new report, Cybersecurity signals: Connecting controls and incident outcomes, found that organisations that regularly engage in tabletop exercises and scenario-based breach response drills are 13% less likely to experience a material cyber event than those that do not.
The global professional services firm in the areas of risk, strategy, and people launched research in 2023 into the correlation between the 12 cybersecurity controls tracked by the cyber insurance industry and the likelihood of a cyber claim.
Since then, the CRIC has continued to analyse organisations’ cyber control implementation information from Marsh’s Cyber Self-Assessment against claims. This year, cyber incident response planning ranked as the fifth most effective control in decreasing an organisation’s probability of experiencing a breach-based claim, behind network hardening techniques, endpoint detection and response (EDR), logging and monitoring, and cybersecurity awareness training and phishing testing.
Marsh Global Cyber Practice Leader Tom Reagan said, “Marsh has long advocated proactive cyber incident response planning as a tool to help organisations effectively and efficiently respond to and recover from a cyberattack.”
He said, “What our latest research confirms is that thoughtful planning also drives secondary benefits like positive security behaviours and strong control implementations, which help build more organisational resilience and reduce breach incidents.”
This year’s report also highlights the importance of effectively deploying and managing other key cybersecurity controls. For instance, the report found that each jump of 25% in EDR deployment across workstations and laptops was correlated with an additional 10% decrease in breach likelihood. Similarly, a multi-factor authentication (MFA) deployment that is resistant to phishing schemes is correlated with a 9% lower breach likelihood than MFA that is not.
Marsh McLennan head of CRIC Scott Stransky said, “Our findings emphasise that simply deploying key cybersecurity controls is no longer enough—these tools must be properly managed and comprehensively used. By drawing on our insights, organisations can make informed decisions to strengthen their security frameworks and help reduce their exposure to cyber risks.”