Cyber Risk

Cyber is a global risk. Marsh can help you confidently understand, measure, and manage it.

Cyber is an enterprise-wide, strategic business risk that threatens the confidentiality of information, the availability of networks, and the integrity of data and systems.

Threat actors are active adversaries, constantly evolving to take advantage of society’s increasing dependence on digital systems and emerging technologies. Your organization should approach managing cyber risk as one team, inclusive of business, security, operational, and risk experts.

As specialists in enterprise risk and in cyber, we can help you take an enterprise-wide approach in building your cyber resilience. Together, we identify your risks, and work with you to develop a program tailored to your circumstances. We inform your approach and decision-making process with our more than 25 years of cyber experience and data-driven insights. By doing so, your path to cyber resilience can be more productive and predictive and your outcomes more efficient and effective.

Financial diagrams representing data and analytics in a business context Generative AI

Webcast

05/22/2025

US cyber insurance market update: Rates decrease, threats evolve

Learn more about the latest trends in the US cyber insurance market to enhance your cyber controls and manage emerging risks effectively.

Digital security technology concept lock on circuit board

Article,Featured insight

05/16/2025

Retailer Cyber Incidents

Recent cyberattacks have targeted retailers, with indications that the threat group known as Scattered Spider may be behind this campaign.

Article,Featured insight

05/14/2025

Understanding cyber events: A model for reducing frequency and increasing resilience

This study analyzes data and explores how it can inform models of potential cyber risk frequency.

FAQs

Cyber insurance can help an organization recover losses and associated costs resulting from large-scale breaches, business interruption, ransomware, and other types of cyberattacks.

Comprehensive cyber insurance coverage can provide you with resources and reimbursement for items such as legal fees, incident preparation and response support, employee training, forensics services, and breach notification services. Such insurance policies can also offer you balance sheet protection for first- and third-party costs and liabilities such as lost revenue and extra expenses, regulatory fines and penalties, data and hardware restoration and repair, and reputational harm.

Any company or public sector entity that uses technology or data faces cyber risk. The list of cyber risks challenging organizations today is expanding exponentially. Ransomware, for instance, is increasing in frequency, severity, and sophistication. But it’s just one of many cyber risks to be understood, measured, and managed.

With cyber insurance, you can create a tailored coverage program that transfers risk out of your organization, as well as reduces balance sheet impact and volatility resulting from cyberattacks.

Having a comprehensive cyber risk insurance program in place, complemented by a risk management program, has never been more important to help your organization appropriately manage its risk.

The cyberattacks dominating the headlines today are largely insurable. In those cases where companies bought insurance, coverage responded and claims were paid.

While terms and conditions can vary, a cyber insurance policy can include comprehensive coverage in advance of, during, and after a ransomware attack. It may cover, but is not limited to, incident response planning, breach notification services, and restoration and repair.

When it comes to cyber risk, businesses responding to a recent survey indicated they are most concerned about ransomware, regulatory risk, and supply chain risk. But only 18% of respondents indicated that they are highly prepared for cyber risk (Marsh Risk Resilience Report 2021).

Here’s what you should understand about these trends in relation to your own risk management.

Ransomware: Ransomware attacks are increasing in frequency, severity, and sophistication. These incidents not only have the potential to shut down day-to-day operations, but can also expose your business to the legal, reputational, and financial consequences of data leaks.
Regulatory risk: Privacy regulations are intensifying, and many organizations lack a comprehensive approach to managing them. Compliance requirements are proliferating, while fines continue to grow. General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Biometric Information Privacy Act (BIPA) represent a handful of the many global, regional, and industry regulations with which companies may need to comply.
Supply chain: Attacks on the supply chain present an opportunity for an attacker to compromise many downstream organizations through a single entry point, making it an enticing target. As more organizations modernize and digitize, they open themselves up to more cyber risk.

Any organization that uses technology or data has a cyber risk exposure. The list of cyber risks is endless, and disruptions to your business can have an enormous impact on your operations and the bottom line. But cyber, like any business risk, can be understood, measured, and managed.

When it comes to managing cyber risk and threat exposures, companies typically gravitate toward technology solutions, including security hardware and software, cyber consulting and penetration testing services, and cyber risk scorecards. However, despite spending millions, most organizations lack a true view of organizational cyber risk and its potential economic and operational impact on their business.

Our clients look to us for our unique ability to help them better manage cyber risk throughout their organization and improve their resilience. We can help you quantify your cyber risk exposures with scenario-based loss modeling, benchmark potential cyber event losses and costs, consider the effectiveness of cybersecurity controls from a financial perspective, and assess the economic efficiency of multiple cyber insurance program structures.

Cyber Risk

Cyber is an enterprise-wide, strategic business risk that threatens the confidentiality of information, the availability of networks, and the integrity of data and systems.

Our expertise

Featured insights

US cyber insurance market update: Rates decrease, threats evolve

Retailer Cyber Incidents

Understanding cyber events: A model for reducing frequency and increasing resilience

FAQs

Marsh.com Sign in

Cyber Risk

Cyber is an enterprise-wide, strategic business risk that threatens the confidentiality of information, the availability of networks, and the integrity of data and systems.

Our expertise

Featured insights

US cyber insurance market update: Rates decrease, threats evolve

Retailer Cyber Incidents

Understanding cyber events: A model for reducing frequency and increasing resilience

Marsh is honored to be named 2024 Cyber Retail Broker Leader of the Year by Zywave.

FAQs

What is cyber insurance and what does it cover?

Who needs cyber insurance?

Does cyber insurance pay claims for evolving risks like ransomware?

What cyber trends are challenging companies today?

What if my organization doesn't have a cyber risk exposure?

How can cyber risk be managed?

Talk to us