Here's How Marsh Is Joining the Fight Against Cybercrime



Cybersecurity is a major concern for everyone, from individuals to businesses. As our world becomes ever more connected, the potential for criminals to access our data and systems grows in kind.

In the first half of 2019 alone, data breaches exposed some 4.1 billion records and 68% of business leaders feel that cybersecurity risk is increasing. However, only 5% of companies are adequately protected. This is perhaps why spending on cybersecurity solutions is predicted to reach $133.7 billion by 2022.

With the average cost of a data breach sitting at around $3.92 million as of 2019, it is this increased risk that is motivating insurance companies to step in and offer new ways to help their clients mitigate the losses associated with cybersecurity. Marsh is just one such company and has recently expanded its cyber-risk offering in response to the increased threat of cybercrime.

Cyber Insurance

The cyber insurance market is continuing to grow and there are plenty of discussions to be had about its role in the fight against digital crime. Its ability to act as a risk mitigation tool and to respond to rapidly evolving threats are chief among them.

Not all the discussions are positive, with some media outlets arguing that the mere presence of cyber insurance could incentivize ransomware-based extortion, as criminals know the money is available to be paid out. However, insurance brands such as Marsh argue that this is not the case and that ransomware attacks are on the up simply because they are consistently proving to be successful. Instead of being part of the problem, Marsh argues that cyber insurance benefits those businesses which are at risk by pooling them together and spreading their potential losses.



Marsh also argues that this prevailing attitude in the media of insurance as an enabler of extortion is based on a faulty grasp of the facts:

  • Ransomware victims are rarely "targeted." More often, attackers target a specific but widespread vulnerability that will distribute ransomware to the maximum number of potential victims.
  • Insurance hardly creates an incentive for extortionists. Ransomware demands usually top out at five figures. For many businesses, that cost is a nuisance.
  • Although no one wants to support cybercriminals, organizations are forced to weigh the option of paying ransomware demands against the risk of operational disruptions that could last weeks or months and cost far more, as well as the impact on customers, reputation, and business continuity.
  • Insurers do not make decisions about whether to pay extortionists — the insurance buyer always makes the final call. If an insured declines to pay, the insurer supports it, paying network recovery costs and reimbursing it for income lost as a result of the attack.

It is these reasons and more that have led Marsh to expand its cyber insurance offering with an enhanced cyber risk suite.

Marsh

The new suite includes cyber risk quantification consulting capabilities, which are designed to help clients gain new levels of insight into their cybersecurity investments. Knowledge is power, and any additional support companies can get in this regard is likely to be welcomed.

The suite is powered by Blue[i] Cyber, a cyber risk analytics engine that integrates the company's cyber risk quantification models with X-Analytics, a cyber risk model from Secure Systems Innovation Corporation (SSIC) for which Marsh is the exclusive insurance broker and risk consulting provider. The suite will empower Marsh clients to evaluate the effectiveness of cybersecurity controls and prioritize risk mitigation accordingly. It will also allow them to use data to create hypothetical scenarios and test the effectiveness of their existing and prospective cybersecurity investments, all while removing technical jargon and allowing board-level conversation.

"Although cyber often ranks high on risk agendas, many organizations struggle to understand how their cybersecurity strategy impacts their financial exposure to cyber risk," said US Cyber Risk Consulting Practice Leader for Marsh, Reid Sawyer. "With Marsh's enhanced quantification consulting capabilities, clients will be able to gain greater clarity into the impact their cybersecurity investments have on risk reduction and make more informed cyber risk capital allocation decisions."

Final Thoughts

The threat of cybercrime to business isn't going anywhere. The impetus on all sectors of industry to do their part to battle it. Far from being the enablers some media outlets would paint them to be, cyber risk insurance brands such as Marsh are expanding their capabilities to further strengthen their clients against this ever-expanding threat.

You can hear Marsh's SVP of Operations and Project Management for Global Affinity, Kevin Charpentier, and SVP for Digital, Product & Analytics, Sandip Chatterjee, speak at Digital Insurance 2020, taking place in July at the Renaissance Chicago, IL.

Download the agenda today for more information and insights.



WBR Insights is the custom research division of Worldwide Business Research (WBR). Our mission is to help inform and educate key stakeholders with research-based whitepapers, webinars, digital summits, and other thought-leadership assets while achieving our clients' strategic goals.

Return to Blog