Nancy Hsu
Vice President
Taiwan
Cyber security and information protection can be challenging for companies of all sizes. Hackers are not the only threat – today’s businesses rely on the internet for services such as online marketing, administrative functions, inventory management, credit card processing, and distribution controls. Any intrusion that disrupts delivery of these services can lead to brand and reputation damage, regulatory scrutiny, stakeholder dissatisfaction, and financial losses.
Marsh can help. We offer a range of risk management and risk transfer solutions that will enable you to assess, manage, and respond effectively to the cyber threats that your organisation faces.
We are regularly asked to contribute our expertise through participation at conferences and through thought leadership. We’ve developed proprietary innovations such as Marsh Cyber Gap, which delivers cover for property damage losses resulting from the hacking of industrial control systems – losses which might otherwise be excluded in the property insurance market. And we constantly evolve with the market – and with your own industry – leveraging our team of cyber experts and noted industry leaders.
For you, Marsh’s cyber leadership means gaining a strategy that is multidimensional and holistic, and that accounts for the entire enterprise: operations, compliance, legal, finance, communications, and the board of directors. We’ll define your risks and design an effective cyber risk management programme to help protect your company.
Cyber insurance can help an organization recover losses and associated costs resulting from large-scale breaches, business interruption, ransomware, and other types of cyberattacks.
Comprehensive cyber insurance coverage can provide you with resources and reimbursement for items such as legal fees, incident preparation and response support, employee training, forensics services, and breach notification services. Such insurance policies can also offer you balance sheet protection for first- and third-party costs and liabilities such as lost revenue and extra expenses, regulatory fines and penalties, data and hardware restoration and repair, and reputational harm.
Any company or public sector entity that uses technology or data faces cyber risk. The list of cyber risks challenging organizations today is expanding exponentially. Ransomware, for instance, is increasing in frequency, severity, and sophistication. But it’s just one of many cyber risks to be understood, measured, and managed.
With cyber insurance, you can create a tailored coverage program that transfers risk out of your organization, as well as reduces balance sheet impact and volatility resulting from cyberattacks.
Having a comprehensive cyber risk insurance program in place, complemented by a risk management program, has never been more important to help your organization appropriately manage its risk.
The cyberattacks dominating the headlines today are largely insurable. In those cases where companies bought insurance, coverage responded and claims were paid.
While terms and conditions can vary, a cyber insurance policy can include comprehensive coverage in advance of, during, and after a ransomware attack. It may cover, but is not limited to, incident response planning, breach notification services, and restoration and repair.
IT outages, such as the severe and widespread CrowdStrike software update outage in 2024, can be covered by the following policies:
Businesses at risk of third-party claims for failure to provide services because of an outage may also find a separate errors and omissions (E&O) or professional indemnity (PI) coverage useful.
These coverages can safeguard against loss of revenue and income, extra expenses incurred to resume normal operation, legal defense costs, as well as settlements and damages.
As all cyber insurance policies are bespoke, the terms and conditions may vary. For example, a minimum period of downtime (waiting period) may be applicable before claims can be made. Hence, it may be beneficial to work with a trusted broker to ensure your cyber insurance coverage meets your needs.
For organizations with operational technology and industrial control systems (ICS) that converge with information technology (IT), the risk of business interruption and physical damage to hardware from a cybersecurity incident is significant. Developed based on industry-leading NIST and ISA/IEC standards, Marsh’s Operational Technology (OT) Cyber Health Check can provide an accurate and reliable assessment to identify gaps that serve as ‘open doors’ for cyberattackers to strike.
To accurately determine how much cyber insurance coverage is appropriate, organizations can conduct Cyber Risk Quantification, a six-step approach that combines qualitative and quantitative assessments. It enables data-driven risk mitigation and risk transfer actions, including optimizing cyber insurance costs and capital allocation, and helps organizations avoid potentially costly mistakes such as underinsurance.
When it comes to cyber risk, businesses responding to a recent survey indicated they are most concerned about ransomware, regulatory risk, and supply chain risk. But only 18% of respondents indicated that they are highly prepared for cyber risk (Marsh Risk Resilience Report 2021).
Here’s what you should understand about these trends in relation to your own risk management.
Any organization that uses technology or data has a cyber risk exposure. The list of cyber risks is endless, and disruptions to your business can have an enormous impact on your operations and the bottom line. But cyber, like any business risk, can be understood, measured, and managed.
When it comes to managing cyber risk and threat exposures, companies typically gravitate toward technology solutions, including security hardware and software, cyber consulting and penetration testing services, and cyber risk scorecards. However, despite spending millions, most organizations lack a true view of organizational cyber risk and its potential economic and operational impact on their business.
Our clients look to us for our unique ability to help them better manage cyber risk throughout their organization and improve their resilience. We can help you quantify your cyber risk exposures with scenario-based loss modeling, benchmark potential cyber event losses and costs, consider the effectiveness of cybersecurity controls from a financial perspective, and assess the economic efficiency of multiple cyber insurance program structures.