Cyber Risk Quantification

Your cyber risk management strategy begins here.

About 9 in 10 businesses in Asia fail to quantify their exposure to cyber risks, according to Marsh-Microsoft's The State of Cyber Resilience report. The lack of a quantitative assessment on cyber risk can potentially lead to underinsurance, and impact cyber insurance premium and terms and conditions.

Quantifying cyber risk exposures requires specialised expertise. However, 8 in 10 organisations cited ‘lack of talent’ as the primary reason for not doing so. By working with Marsh Asia, companies can leverage a team of cyber risk advisors, forensic accountants, actuaries and claims consultants with deep technical expertise and industry experience. Our proven six-step approach can provide concrete answers to these questions from key stakeholders:

• Chief Executive Officer: What is my expected financial loss in case of a cyber event? 
• Chief Financial Officer: How do we optimise our cybersecurity spending?
• Chief Risk Officer: What cyber insurance do I need? Will the limit be enough?

Marsh Asia’s 6-step Cyber Risk Quantification approach

Marsh Asia's 6-step Cyber Risk Quantification approach can do more than just assigning a cost- and dollar-value to your cyber risk exposures: Our dedicated experts are here to guide you on your cyber risk management journey — from understanding your current cyber risk landscape to implementing an appropriate cyber risk transfer strategy.

Step 1: Qualitative cyber risk assessment

The process begins with a comprehensive review of your organisation's current cybersecurity situation and validating your current cybersecurity maturity level against industry standard.

Step 2: Threat landscape mapping

This step identifies current cyber threats by mapping the trail that your organisation leaves behind digitally, identifying vulnerabilities and gathering actionable intelligence in line with industry best practice.

Step 3: Cyberattack scenario formulation

Based on our findings on your cyber risk exposures, Marsh Asia defines worst-case loss scenarios (e.g. a data breach event involving the entire client database) that can impact your business.

Step 4: Quantify impacts and financial exposures

Marsh Asia’s forensic accountants proceed to define the associated financial losses as well as cyber risk transfer requirements for your organisation.

Step 5: Cyber insurance program analysis

We analyse your current cyber insurance program structures and propose an optimised structure taking into account Total Cost of Risk (TCOR).

Step 6: Cyber insurance placement (optional)

Marsh Asia manages the placement of cyber insurance to cover your quantified risk exposure, calibrating your level of coverage based on the defined risk.

As part of the process, Marsh Asia will produce a comprehensive report detailing the methodology used, the risk quantification process and considerations, and the outcomes and recommendations.