Marsh McLennan (NYSE: MMC), the world’s leading professional
services firm in the areas of risk, strategy and people, today
released a report from its Cyber Risk Analytics Center that
directly links key cybersecurity controls commonly required by
cyber insurers to a reduced chance of a cyber incident. By
assessing the relative effectiveness of each control, organizations
are now able to allocate resources towards those that provide the
best protection, better position their risk with insurers, and
build their cyber resiliency more confidently.
This press release features multimedia. View
the full release here:
https://www.businesswire.com/news/home/20230406005089/en/
According to a new Marsh McLennan report,
these five controls, among the 12 key control categories commonly
required by cyber insurers, were determined to have the greatest
ability to decrease the likelihood of a successful cyberattack.
(Graphic: Business Wire)
According to the report, Using data to prioritize cybersecurity
investments, automated hardening techniques were found, by a wide
margin, to have the greatest ability of any control studied to
decrease the likelihood of a successful cyberattack. Organizations
with such techniques in place, which apply baseline security
configurations to system components like servers and operating
systems, are nearly six times less likely to have a cyber incident
than those that do not.
The finding is surprising, the report notes, given that until
now, the three controls most frequently recommended by insurers
have been endpoint detection and response (EDR), multifactor
authentication (MFA), and privileged access management (PAM).
The analysis also shows that MFA, long a staple among
cybersecurity tools and recommendations, only works when it is in
place for all critical and sensitive data, for all remote login
access, and for administrator account access. Organizations with
such broad implementation are 1.4 times less likely to experience a
successful cyberattack than those that do not.
Additionally, patching high severity vulnerabilities across the
enterprise within seven days of the patch’s release ties as the
fourth most effective control – decreasing an organization’s
probability of experiencing a cyber event by a factor of 2, yet it
is has the lowest implementation rate among organizations studied,
at only 24%, the report found.
“All of the key controls in our study are well-known best
practices, commonly required by underwriters to obtain cyber
insurance. However, many organizations are unsure which controls to
adopt and rely on expert opinions rather than data to make
decisions,” said Tom Reagan, US and Canada Cyber Practice Leader,
Marsh. “Our research provides organizations the data they need to
more effectively direct cybersecurity investments, which in turn,
helps favorably position them during the cyber insurance
underwriting process. It is another step toward building not only a
more resilient cyber insurance market, but also a more cyber
resilient economy.”
For the report, Marsh McLennan paired its extensive proprietary
dataset of cyber claims with the results from Marsh Cybersecurity
Self-Assessment (CSA) questionnaires, which are composed of
hundreds of questions and responses from individual organizations.
Based on the correlation, data scientists calculated and assigned a
“signal strength” to each control. The higher the signal strength,
the greater the impact the control has on decreasing the likelihood
of an event.
Among the hundreds of cyber capabilities, tools, and
implementation techniques analyzed and measured, the report focuses
only on those falling within the 12 key control categories commonly
required by cyber insurers. Among those, the top five controls
determined most effective are:
Key control category
Signal strength
Hardening techniques
System configuration management
tools, such as active directory group policy, which enforce and
redeploy configuration settings to systems
5.58
Privileged access
management
Managing desktop or local
administrator privileges via endpoint privilege management
(EPM)
2.92
Endpoint detection and
response
Operating advanced endpoint
security
2.23
Logging and monitoring
Operating a security operations
center (SOC) and/or having an outsourced managed security service
provider (MSSP) with the following capabilities at a minimum:
a. Established incident alert
thresholds b. Security incident and event management (SIEM)
monitoring and alerting for unauthorized access connections,
devices and software
2.19
Patched systems
Patching common vulnerability
scoring system (CVSS) v3 high severity 7.0-8.9 vulnerabilities
across the enterprise within 7 calendar days of release
2.19
Additional insights from the research will be used as part of a
forthcoming cyber event attritional loss model from Marsh McLennan
that will inform insureds of potential losses they could suffer,
and the potential savings benefit from increasing their
cybersecurity posture.
“Marsh McLennan launched the Cyber Risk Analytics Center in late
2021 with the goal of helping organizations make smarter
investments in the ways they identify, prepare for, and recover
from cyber risk,” said Scott Stransky, who leads the Marsh McLennan
enterprise-wide resource. “This groundbreaking report will be
indispensable to Marsh McLennan clients as we work together to
build society’s resilience to this critical and costly risk.”
About Marsh McLennan
Marsh McLennan (NYSE: MMC) is the world’s leading professional
services firm in the areas of risk, strategy and people. The
Company’s more than 85,000 colleagues advise clients in 130
countries. With annual revenue of over $20 billion, Marsh McLennan
helps clients navigate an increasingly dynamic and complex
environment through four market-leading businesses. Marsh provides
data-driven risk advisory services and insurance solutions to
commercial and consumer clients. Guy Carpenter develops advanced
risk, reinsurance and capital strategies that help clients grow
profitably and pursue emerging opportunities. Mercer delivers
advice and technology-driven solutions that help organizations
redefine the world of work, reshape retirement and investment
outcomes, and unlock health and wellbeing for a changing workforce.
Oliver Wyman serves as a critical strategic, economic and brand
advisor to private sector and governmental clients. For more
information, visit marshmclennan.com and follow us on LinkedIn and
Twitter.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20230406005089/en/
Media: Amelia Woltering Marsh McLennan +1 347 703 5358
amelia.woltering@mmc.com
Marsh and McLennan Compa... (NYSE:MMC)
과거 데이터 주식 차트
부터 6월(6) 2024 으로 7월(7) 2024
Marsh and McLennan Compa... (NYSE:MMC)
과거 데이터 주식 차트
부터 7월(7) 2023 으로 7월(7) 2024