Skip to main content
Marsh logo

Article

The critical need for cyber insurance in asset management: Why asset managers should act now

With some asset managers viewing cyber insurance as a discretionary expense, we examine common misconceptions amid growing cyber threats.

20/02/2025 · 4 minute read

In today’s digital landscape, the financial services sector — and particularly asset management — faces escalating cyber threats. Despite these risks, many asset managers remain reluctant to invest in cyber coverage. Although there has been rising insurance uptake in the space in recent years, there are still firms that perhaps view it as a discretionary expense. While this viewpoint may be true from a purely legal or regulatory perspective, investing in insurance is becoming increasingly essential, given growing cyber threats.

Understanding the cyber risk landscape

Asset managers operate in two main areas: retail-focused firms that handle large amounts of sensitive client data (including personal information), intellectual property, and financial records, and institutional investors that may hold less sensitive data.

However, both types of asset managers face cyber risk. Retail-focused firms are especially vulnerable to data breaches and ransomware attacks due to the valuable personal data they manage, while institutional investors, despite handling less sensitive data, are not immune to these threats.

Conversely, institutional investors, while they may not hold extensive personal data, still possess important proprietary information and financial assets that can attract cybercriminals. As bad actors become more sophisticated in their approach, the potential for cyber incidents increases across the board, both in terms of frequency and severity.

The International Monetary Fund highlighted that the financial sector is one of the most targeted industries for cyberattacks, making it essential for all asset managers to seriously consider and quantify their exposure to cyber risk, as well as understand how insurance can play a critical role in protecting their balance sheets.

Common misconceptions about cyber insurance

Organisations opt to forgo cyber insurance for various reasons, including:

  1. The belief that certain organisations are not targets: Some asset managers think that their size or focus makes them less appealing to cybercriminals. This misconception is especially prevalent among non-retail-focused asset managers that do not handle large amounts of personal data. However, bad actors often target these firms, assuming they may have weaker cybersecurity measures and are “low-hanging fruit”. In reality, every asset manager, regardless of size or data type, is a potential target. The cost of rebuilding IT systems, for example, can be hugely expensive, and even firms that are not data-heavy can incur significant expenses, particularly when sensitive corporate data holds so much value.
  2. The perception that cybersecurity measures are adequate: While strong cybersecurity protocols are essential, they are not infallible. Even the most secure systems can be breached, given the sophistication of some attacks. Additionally, many cyber losses may result from non-malicious events outside an organisation’s control, such as supply chain disruptions or system failure. For instance, 200 pension schemes were recently affected by the MoveIt hack, resulting in significant costs for each scheme. The right cyber insurance policy provides a safety net for these scenarios, offering financial protection against such events.
  3. The view that cyber insurance is too expensive: The cost of cyber insurance can seem high, particularly for smaller firms. However, the cyber insurance market has stabilised, with many previously hesitant insurers re-engaging. Furthermore, the financial consequences of a cyber incident — such as legal fees, incident response costs, ransom payments, the subsequent business interruption losses, and damage to reputation — can far exceed the insurance cost. Investing in cyber insurance is a proactive step that can help firms avoid significant losses.
  4. The opinion that cyber insurance is complicated: The complexity of cyber insurance policies can discourage asset managers from seeking coverage. Many firms struggle to understand the business interruption (BI) aspect of cyber insurance, which covers the loss of income due to a cyber incident disrupting operations. Recognising that cyber policies can provide coverage for business interruption is essential, as it helps firms manage the financial impact of downtime. Working with an experienced broker can clarify the process, offer expert guidance on the types of coverage available, and help tailor a policy that meets the specific needs of an asset management firm.

The consequences of inaction

Failure to secure cyber insurance can have serious consequences for asset managers. Those who have purchased coverage benefit from the insurance itself and the wider value-added services accompanying it, such as modelling, assistance with incident management, and access to an insurer vendor panel during an event. A data breach or ransomware attack can lead to significant financial losses, regulatory scrutiny, business interruption, and damage to client trust. The reputational harm from a cyber incident can take years to recover from, potentially resulting in lost business opportunities and a weakened market position.

How Marsh can help

Marsh is a leader in risk management and insurance solutions, with extensive experience in the financial services sector and in developing cyber risk strategies. By partnering with Marsh, asset managers can benefit from:

  • Tailored solutions: Marsh understands the unique challenges asset managers face and can provide customised cyber insurance that addresses specific risks as well as response and recovery needs.
  • Expert guidance: Marsh’s team of experts can help asset managers navigate the complexities of cyber insurance, ensuring they understand their coverage options and the importance of risk mitigation. Recommendations are backed by data.
  • Proactive risk management: Beyond insurance, Marsh offers risk management services that can help asset managers strengthen their cybersecurity posture and response capabilities, reducing the likelihood of a breach and the associated costs, and set risk mitigation priorities.
  • Incident management: Our cyber incident management team can help review your current cyber incident response plan, support you during and after an incident, and assist with an insurer vendor panel review.

Cyber insurance in asset management is a growing necessity

In today’s digital environment, the need for cyber insurance in asset management is more important than ever. Asset managers must overcome misconceptions and understand that not holding large amounts of personal data does not exempt them from the need for cyber insurance. Protecting their firms against cyber threats is vital for maintaining operations and ensuring long-term success.

By consulting with Marsh, asset managers can secure the coverage they need to protect their clients and effectively manage an increasingly risky digital environment. By acting now, organisations can safeguard their future.

Our people

Placeholder Image

Martyn Redfern

Client Executive – Financial Institutions, FINPRO

  • United Kingdom

Lauren Irwin

Lauren Irwin

UK Retail Cyber Sub-Team Leader, Marsh Specialty

  • United Kingdom

Related insights

Analysing financial data with a pen

Video

Are fintechs overpaying for insurance?

10/02/2025
Communication technology for internet business. Global world network and telecommunication on earth cryptocurrency and blockchain and IoT. Elements of this image furnished by NASA

Article

Protecting privilege: Between a rock and a hard place

10/02/2025
Placeholder Image

Article

Causes of policy coverage disputes in financial lines claims

15/01/2025
Placeholder Image

Report

US bad faith claims

04/12/2024
View more