Groundbreaking Research from Marsh McLennan Reveals Direct Link between Key Cybersecurity Controls and Reduced Cyber Risk
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230406005089/en/
According to a new
According to the report, Using data to prioritize cybersecurity investments, automated hardening techniques were found, by a wide margin, to have the greatest ability of any control studied to decrease the likelihood of a successful cyberattack. Organizations with such techniques in place, which apply baseline security configurations to system components like servers and operating systems, are nearly six times less likely to have a cyber incident than those that do not.
The finding is surprising, the report notes, given that until now, the three controls most frequently recommended by insurers have been endpoint detection and response (EDR), multifactor authentication (MFA), and privileged access management (PAM).
The analysis also shows that MFA, long a staple among cybersecurity tools and recommendations, only works when it is in place for all critical and sensitive data, for all remote login access, and for administrator account access. Organizations with such broad implementation are 1.4 times less likely to experience a successful cyberattack than those that do not.
Additionally, patching high severity vulnerabilities across the enterprise within seven days of the patch’s release ties as the fourth most effective control – decreasing an organization’s probability of experiencing a cyber event by a factor of 2, yet it is has the lowest implementation rate among organizations studied, at only 24%, the report found.
“All of the key controls in our study are well-known best practices, commonly required by underwriters to obtain cyber insurance. However, many organizations are unsure which controls to adopt and rely on expert opinions rather than data to make decisions,” said
For the report,
Among the hundreds of cyber capabilities, tools, and implementation techniques analyzed and measured, the report focuses only on those falling within the 12 key control categories commonly required by cyber insurers. Among those, the top five controls determined most effective are:
Key control category |
Signal strength |
Hardening techniques System configuration management tools, such as active directory group policy, which enforce and redeploy configuration settings to systems |
5.58 |
Privileged access management Managing desktop or local administrator privileges via endpoint privilege management (EPM) |
2.92 |
Endpoint detection and response Operating advanced endpoint security |
2.23 |
Logging and monitoring
Operating a security operations center (SOC) and/or having an outsourced managed security service provider (MSSP) with the following capabilities at a minimum:
a. Established incident alert thresholds |
2.19 |
Patched systems Patching common vulnerability scoring system (CVSS) v3 high severity 7.0-8.9 vulnerabilities across the enterprise within 7 calendar days of release |
2.19 |
Additional insights from the research will be used as part of a forthcoming cyber event attritional loss model from
“Marsh McLennan launched the Cyber Risk Analytics Center in late 2021 with the goal of helping organizations make smarter investments in the ways they identify, prepare for, and recover from cyber risk,” said
About
src="https://cts.businesswire.com/ct/CT?id=bwnewssty=20230406005089r1sid=acqr8distro=nxlang=en" style="width:0;height:0" />
View source version on businesswire.com: https://www.businesswire.com/news/home/20230406005089/en/
Media:
+1 347 703 5358
[email protected]
Source:
To Better Support Medicare and Medicaid Beneficiaries, Zocdoc Launches Search and Booking for Federally Qualified Health Centers (FQHCs) on its Marketplace
Verisk Names Chris Sawford Managing Director of Claims for the UK
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News