Skip to main content

Cyber resilience: 12 key controls to strengthen your security

Take practical steps to build your cyber resiliency with Marsh’s four-part series on the 12 recommended cybersecurity controls, including their characteristics and requirements.

Cyberattacks continue to dominate news headlines, driven by a surge in ransomware events, which increased by an overwhelming 148% in 2021. The perpetrators of these attacks now demand multimillion-dollar ransom payments as they cripple a business’s operations, bringing them to a standstill until a payment is made.

As cyberattacks become more prolific, related insurance claims follow, meaning underwriters have been able to identify a correlation between certain controls and corresponding cyber incidents. Through this analysis and the continuous examination of relevant data points, the insurance industry has a rich understanding of the technical steps that organisations can take to build their cyber resiliency.

However, due to the growth in attritional losses, consequently insurers are now taking a much more cautious position. Insurers are tightening their underwriting terms, carefully analysing all cyber insurance applications, and asking more questions than ever before about an applicant’s cyber operating environment and risk controls.

The adoption of certain controls has now become a minimum requirement of insurers, with organisations’ potential insurability on the line. Organisations are undoubtedly placing more emphasis on controls than ever before to help mitigate their ransomware risks and improve their overall cybersecurity position and resilience.

Organisations are recommended to implement a number of cyber hygiene controls that are key to achieving cyber resilience and insurability.

12 cyber security controls

While these controls have been established best practice for several years, some companies are still struggling to adopt them — most often because they have been unable to justify the cost of implementation, did not deploy them comprehensively, or did not understand or see the need for controls. In many regulated industries where cyber resilience controls have been required for years, the effort was often more about checking a box, than enhancing security.

Take action now

Marsh has recommended 12 key cybersecurity controls providing practical deep dives into their characteristics and requirements. Download our report to start building your organisation’s cyber resilience.

In addition, Marsh’s Cyber Self-Assessment diagnostic empowers your organisation to evaluate your maturity in relation to these controls, and your cybersecurity program in general. Based on the NIST cybersecurity framework, this online diagnostic tool is a robust, secure yet easy to use form that allows different functions within the same organisation to contribute their input. The diagnostic scorecard and report is useful both to prepare for insurance underwriting submissions and also to identify vital areas of improvement.

Take practical steps to understand and build your cyber resiliency with Marsh’s 12 recommended cybersecurity controls and our Cyber Self-Assessment diagnostic.