Estimated reading time: 5 minutes
Organizations are dealing with higher costs from third-party risks, ongoing ransomware attacks, and more frequent technology failures. A new Marsh report warns that 2026 could be especially challenging as attackers become more aggressive and supply-chain issues worsen. The Cyber Catalyst Report, which surveyed over 2,200 cyber risk leaders in 20 countries, highlights these growing threats and the sharp rise in cyber risk management spending.
Rising Investment Signals a Shift in Global Cyber Strategy
Almost two-thirds of those surveyed plan to spend more on cybersecurity in 2026, showing a move toward more organized cyber risk management. The main areas for new spending are cybersecurity technology, incident planning, and hiring skilled personnel. The press release accompanying the report also says that over a quarter of organizations will increase their budgets by 25% or more.
UK organizations are leading in spending increases, with 74% planning to raise their budgets. In comparison, Asia has the lowest readiness to add funding, which matches the lower confidence levels there. These differences show how investment and preparedness vary by region.
Confidence Grows, But Capabilities Lag – The Global Cyber Threat Landscape
Marsh found that confidence in cyber risk management is rising worldwide, with almost 75% of organizations saying their strategies are effective. However, this confidence is not the same everywhere. In India, the Middle East, and Africa, 83% of organizations feel confident, but in Asia, only 50% do.
Confidence drops when organizations look at their specific skills. The report says that “self-assurance in specific capabilities is often lower than overall confidence.” Training, planning for incidents, and ways to reduce risks are still inconsistent.
Bigger companies are more confident because their experience and maturity enable them to build stronger cyber defenses. Still, the differences in confidence between regions show that some areas have uneven operations and fewer resources, even as overall confidence grows.
Third-Party Cyber Incidents Expand the Attack Surface
Third-party risks are a major concern worldwide. In the past year, 70% of organizations surveyed had a significant cyber incident involving a third party.
The press release underscores this trend, calling third-party exposure a central driver of new cybersecurity investment. Thomas Reagan, Marsh’s Global Cyber Practice Leader, warns that resilience depends on “balancing technology, talent, and preparedness—especially in managing third-party risks.”
These incidents cause disruptions to operations and lead to financial losses. They also make it harder to measure risks, get insurance, and manage oversight at the board level. Page 3 of the report stresses that organizations must “understand the technical and business risks that arise from third parties” as they improve their cyber programs.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Ransomware and Privacy Breaches Continue as Top Threats
Ransomware is the top concern for 39% of respondents, with privacy breaches next at 29%. These threats are the main worries for organizations globally.
The press release confirms that “ransomware and privacy breaches remain top threats globally.” Marsh cautions that these attacks cause major operational damage and reputational harm.
The report advises organizations not to focus too much on a single threat, as incident types continue to evolve. Still, ransomware remains a key part of most cyber strategies because of how damaging it can be.
Scenario Planning Becomes Essential
Planning for different scenarios and running tabletop exercises are now key tools for building resilience. Page 4 of the report explains that these exercises show where responses need improvement and help organizations improve their strategies. Practicing realistic drills helps organizations defend better and recover faster.
Preparing for incidents is a top concern for leaders. Page 6 of the report notes the interviews conducted with leaders who talk about the challenges they face in planning, making decisions, and setting risk priorities.
Cyber Risk Governance Expands Across the Enterprise
Decisions about cyber risks are moving from just security teams to groups that include people from across the whole organization. Page 7 lists four common setups: oversight committees, a single person in charge of cybersecurity, groups that share risk decisions, and global governance teams.
The report states that organizations must “balance risk priorities and involve multiple stakeholders” to manage cyber exposure effectively. This change shows a bigger trend. Cyber incidents now affect financial results, insurance costs, and how smoothly organizations run. Working together across the company helps improve coordination and makes risk management stronger.
Watch Our Latest Podcast with Cowbell COO Trent Cooksley
Investment Priorities Reflect a Push Toward Resilience
Spending priorities reveal a coordinated push toward resilience rather than reactive defense. Technology is the top priority, followed by planning, hiring, and buying cyber insurance. Page 6 shows that 70% of organizations plan to invest in technology and controls to reduce risks.d mitigation controls.
Companies plan to strengthen their basic security. The report points out the importance of endpoint controls, identity security, and monitoring systems. These are now essential as cyberattacks become more complex.
Building Cyber Resilience: The Path Forward
The report ends with a clear message: review your own risks and invest wisely in the right controls and skills to manage cyber threats. Taking action early and investing with purpose are key to staying ahead as threats change.
To build resilience, organizations need careful preparation, involvement from the whole company, and ongoing investment. Use the report’s roadmap now to guide your decisions and prepare for growing cyber threats.
Related Cyber Liability Insurance Posts
