Marsh analyzed its claims data and responses to customer self assessments. The resulting report may surprise some folks…
“Automated hardening techniques — by a wide margin — have the greatest
ability of any control studied to decrease the likelihood of a successful
cyberattack, making it a key control to prioritize in order to minimize
losses. Hardening limits the means of attack by applying baseline security
configurations to system components, including servers, applications,
operating systems, databases, and security and network devices.
The finding on hardening is an eye opener because, until now, the top
three controls brought up by most insurers have been endpoint detection
and response (EDR), multifactor authentication (MFA), and privileged
access management (PAM).”
Get the report here.