Skip to main content

Analytics for Cyber Decision-Making

Cyber IDEAL quantifies the likelihood that a company will incur a breach and its potential severity, helping determine insurance limits and retentions.

Although no one can predict when a privacy breach or cyber-attack will occur, Marsh’s Cyber IDEAL (Identify Damages, Evaluate, and Assess Limits) model quantifies for risk managers and other executives the likelihood that their company will incur a breach and its potential severity. By customizing its analysis for business sectors and revenue bands, Cyber IDEAL mitigates the guesswork often associated with insurance-purchasing decisions. While every company’s approach to cybersecurity is different, Marsh Global Analytics and Marsh’s FINPRO Practice developed the model to assist all firms in determining the most appropriate insurance limits and retentions for them.

Who It's For

  • Risk managers and others involved in the day-to-day purchasing of insurance.
  • CFOs, treasurers, and other senior executives who need analytical data to support their defensive cyber decision-making with their board of directors.
  • Companies that want to improve their analytical modeling of cyber risks.

What You Get

  • Data-driven support for cyber decision-making.
  • Ability to judge whether a data breach may exceed the limit of liability under a cyber liability policy.
  • A range of potential outcomes from a data-breach event, and a breakdown of potential costs for each outcome.
  • Industry-specific analytical cyber data.

How It Works

Cyber IDEAL examines the potential for an unauthorized disclosure and estimates the likely cost per breach. Using US historical breach information dating back to 2005, the model determines the frequency and severity of cyber incidents using a one-year probability of a data-breach event. Data sources include Marsh’s proprietary cyber database, Privacy Rights Clearinghouse’s Chronology of Data Breaches, and Adviser’s online large-loss database, MSCAd.

The probability of a data-breach event is correlated with a company’s industry and revenue size. Companies with higher revenue tend to face a higher probability of a data breach due to their size and the perception that they have more records, and thus more targets. Generally, if a company has had prior data-breach events, there is a higher likelihood it will have another. And companies with less robust data security face an increased risk of a breach.

FAQs

Knowing what kinds of insurance solutions exist is half the battle in providing an effective corporate defense against cyber-attacks, but it is equally important to figure out how these risk transfer solutions match up against a firm’s coverage needs.

Whether a firm is evaluating the costs of legal defense and third-party liability, or simply looking for more tools to reduce the uncertainty surrounding a data breach, Cyber IDEAL can help. Factors to consider:

  • Is there a written cybersecurity risk management strategy?
  • Does the insurance policy exclude data breaches?
  • Does it provide coverage for derivative shareholder claims?
  • Are the current policy limits appropriate for its risk profile?
  • What are the most likely external and internal threats?

As hacker sophistication increases, corporate executives must address the risk. No firm is ever fully prepared for such attacks, but analytical tools such as Marsh’s Cyber IDEAL can provide the decision-making support corporate executives demand. Cyber IDEAL provides the most complete analysis of cyber-privacy-related events by industry.

For many organizations, the model shows that their cyber exposure could far eclipse their average insurance coverage. Having objective analytical cyber-privacy-event data can help risk managers, CFOs, and others determine the right risk management solutions specific to their company’s cyber exposure and size.

Marsh’s team of cyber and risk management colleagues provides an unbeatable combination of hands-on practical know-how and claims expertise. Their industry and risk insights bring a focused approach to reducing a firm’s total cost of risk.

Marsh’s FINPRO Practice assists clients in finding the most appropriate financial and professional liability insurance coverages for them. FINPRO specialists provide insurance consulting services related to claims advocacy, cyber risk liability, initial public offerings, corporate governance, and mergers and acquisition transactions.

Marsh Global Analytics provides a wealth of information that can be tailored to clients’ needs. The team focuses on risk economics, catastrophe bond modeling, general benchmarking and analytical services, and providing global sales support.

FACT SHEET

Analytics for Cyber Decision-Making Fact Sheet