Key controls linked to decreased risk of cyber incidents – report

The analysis also showed that MFA only works when it is in place for all critical and sensitive data, all remote login access, and administrator account access. Organizations with such broad implementation are 1.4 times less likely to experience a successful cyberattack than those that do not, the report noted.

Meanwhile, patching high severity vulnerabilities across the enterprise within seven days of the patch’s release was deemed the fourth most effective control. It was found to decrease an organization’s probability of experiencing a cyber event by a factor of two. However, it has the lowest implementation rate among organizations studied, at only 24%.

For the report, Marsh McLennan paired its proprietary dataset of cyber claims with results from Marsh Cybersecurity Self-Assessment (CSA) questionnaires to calculate and assign a “signal strength” to each control.

It specifically focused on the cyber capabilities, tools, and implementation techniques that fell within the 12 key control categories commonly required by cyber insurers.