‘Simply deploying key cyber security controls is no longer enough – these tools must be properly managed and comprehensively used,’ says managing director

While much of the focus around cyber security incidents is given to post-breach activities, preventative incident response planning should be an equally important and valuable part of firms’ cyber security controls.

small business

Read: One in three SMEs have no form of cyber insurance

Read: Google warns that hackers are targeting insurance firms

Not subscribed? Become a subscriber and access our premium content

Explore more cyber related content here, or discover more news here

This is according to a new report from Marsh McLennan’s cyber risk intelligence centre (CRIC), published on 27 August 2025, which found that firms that regularly engage in tabletop exercises and scenario-based breach response drills are 13% less likely to experience a material cyber event than firms that do not.

Endpoint detection and response (EDR) and multifactor authentication (MFA) remained important technical controls in mitigating serious cyber events, Marsh added, as are logging and monitoring, cyber awareness training, patching and vulnerability management.

The report further highlighted that as firms more consistently implement cyber security controls – some nine of the 10 most important control measures, like the aforementioned ones, are implemented by more than 80% of firms – greater focus needs to be placed on the quality of their deployment.

Training and awareness

Regular training and awareness campaigns, the report concluded, are vital to ensuring technical security measures work in the most effective manner.

Read: TechTalk – Directors face ‘real risk’ of liability in wake of cyber attacks

Read: Recent international retail attacks ‘not big enough’ to harden cyber market

Explore more cyber related content here, or discover other news stories here

Tom Reagan, global cyber practice leader at Marsh, said: “Marsh has long advocated proactive cyber incident response planning as a tool to help organisations effectively and efficiently respond to and recover from a cyber attack.

“What our latest research confirms is that thoughtful planning also drives secondary benefits, like positive security behaviours and strong control implementations, which help build more organisational resilience and reduce breach incidents.”

Scott Stransky, managing director and head of Marsh McLennan’s CRIC, added: “Our findings emphasise that simply deploying key cyber security controls is no longer enough – these tools must be properly managed and comprehensively used.”

George is a data reporter at Insurance Times, uncovering interesting industry trends and reporting on the technological advancements that will shape the future of the sector.

He graduated in 2017 from the University of Manchester with a degree in Geology. He spent the first part of his career working in consulting and tech, spending time at Citibank as a data analyst, before working as an analytics engineer with clients in the retail, technology, manufacturing and financial services sectors.View full Profile

More George McDade

Insurance Times Fantasy Football

Topics