Advancing Cyber Risk Management: From Security to Resilience

New York, NY (July 1, 2019) – Since 2017, risk experts have consistently ranked large-scale cyber attacks and data fraud among the top five most likely risks around the world. Despite growing anxieties about cyber threats, cyber resilience strategies and investments continue to lag.

Globally, the time taken to discover a data breach has fallen considerably since 2017, but organizations in the Asia-Pacific region still took four months longer than the global median. The number of internet users is growing 10 times faster than the global population, exponentially increasing the attack surface. For example, in 2018, the total cost of cyber-crimes grew by a third – to $600 billion – as compared to 2016, but investments in cybersecurity only managed a 10-percent increase over the same period.

These trends point to a growing imperative and urgency for cyber resilience in the digital age today.

Figure 1: Evolution of cyber threats and their impacts since 2017

Rapidly evolving threats and infiltration techniques have rendered traditional cyber defence strategies insufficient and ineffective, while the speed of change amplified by the digital transformation cannot be addressed by conventional means. Globally, laws are changing to keep pace as cybercrime evolves, revealing additional layers of fiduciary responsibilities that are necessary for organizations to assume.

As a result, today’s business models should redefine a resilient culture in the workplace as a fundamental strategy, while building cyber resilience from an end-to-end risk management perspective.

This report highlights three strategic imperatives to strengthen cyber resilience:

  • Understand (know your threats) – Identifying organization- and industry-specific cyber threats and regulations calls for robust strategies that include cross-disciplinary considerations.
  • Measure (know yourself) – Quantify the potential financial impact of cyber exposures to compare against the level of risk appetite acceptable to the board. This will determine the amount of investment necessary to mitigate and transfer any residual risk.
  • Manage (know what you can do) – Control and mitigate cyber risks by having clear action plans based on your capabilities and capacities to protect against cyber criminals.

It is inefficient and impractical to expect organizations to be ahead of every attack, but organizations should at least be on par with the fast evolution of cyber threats while ensuring compliance with changing laws and regulations.

Cyber attacks may be inevitable, but system compromises and impactful data breaches do not have to be.

An end-to-end risk management mindset is the essential element that sets resilient organizations apart from the rest in mitigating cyber risks, minimizing damage, and recovering swiftly from any breach incidents.

Download the full report from Marsh & McLennan: Advancing Cyber Risk Management: From Security to Resilience.

Learn more about the report and its authors here.

About Marsh & McLennan Companies

Marsh & McLennan (NYSE: MMC) is the world’s leading professional services firm in the areas of risk, strategy and people. The company’s nearly 65,000 colleagues advise clients in over 130 countries. With annual revenue over $14 billion, Marsh & McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading firms. Marsh advises individual and commercial clients of all sizes on insurance broking and innovative risk management solutions. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations meet the health, wealth and career needs of a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit

Source: Marsh & McLennan Companies
