Joseph Wright of Blue Team Alpha recently explained on the Cyber Insurance News podcast that incident response planning saves money. “The financial hit multiplies ten to fifteen times beyond what proactive measures would have cost,” Wright said. You can hear that episode here or here. That message now echoes in a major report from Marsh McLennan’s Cyber Risk Intelligence Center (CRIC). That study, The Cybersecurity Signals: Connecting Controls and Incident Outcomes, confirms that incident response is a leading defense against cyber claims and a path to cyber resilience.

Incident Response Moves Into Top Tier
The Marsh report highlights incident response planning as the fifth most effective control against cyber claims. It ranks behind network hardening, endpoint detection and response (EDR), logging and monitoring, and cyber awareness training. Organizations that regularly run tabletop exercises and breach response drills are 13% less likely to face a material cyber event.
“Marsh has long advocated proactive cyber incident response planning,” said Tom Reagan, Global Cyber Practice Leader at Marsh. He added that effective planning drives “positive security behaviors and strong control implementations”.
Controls Must Be Managed, Not Just Deployed
The report stresses that simply deploying tools is no longer enough. Tools must be configured, tested, and fully utilized. For example, each 25% increase in EDR deployment across endpoints correlates with a further 10% decrease in breach likelihood.
Multi-factor authentication (MFA) shows similar nuances. CRIC found phishing-resistant MFA reduces breach likelihood 9% more than non-resistant methods. “Our findings emphasize that simply deploying key cybersecurity controls is no longer enough—these tools must be properly managed and comprehensively used,” said Scott Stransky, CRIC Head.
Awareness Training and Patching Show Gains
CRIC ranked cyber awareness training and phishing testing among the top indicators of reduced likelihood of breaches. Quality matters more than frequency. Practical training uses realistic simulations that prepare employees to detect and stop attacks.
Vulnerability management also played a strong role. Organizations that increased patch frequency and automated patching significantly reduced their breach risk.
SOC and Logging Increase Signal Strength
Security operations center (SOC) capabilities also ranked high. Organizations with 24/7 SOC coverage and tuned SIEM alerts reported fewer claims. Owning and actively refining SIEM rules added extra strength, showing that fine-tuning security systems creates measurable risk reduction.
Cyber Insurance Implications
The findings carry weight in the cyber insurance market. Marsh’s Cyber Self-Assessment tool links control maturity to claim likelihood, making this data valuable for underwriting decisions.
Cyber insurers now view incident response planning as both a mitigation and resilience factor. This positions IRP alongside technical controls as a core underwriting benchmark.
Conclusion: Planning Pays Off
The Marsh CRIC study reinforces a central theme: good habits reduce risk. Incident response, awareness training, EDR, MFA, and patching matter most when deployed effectively.
“The only constant in cybersecurity is change,” the report concludes. Organizations that practice and refine incident response gain resilience and reduce the cost of breaches.
For CISOs, risk managers, and insurers, the message is clear. For cyber resilience, plan ahead, test often, and manage controls with care.
It’s like trying to get in shape and lose weight: the fancy gym memberships and cool outfits are no good unless you use them and eat well. Cyber resilience is not an occasional diet; it’s a lifestyle.