Marsh-Microsoft Cyber Risk Survey Addresses Key Trends

Hero image

A steady drumbeat of workplace disruption, digital transformation and ransomware attacks affects confidence in cyber resiliency according to The State of Cyber Resilience, a new report by Marsh and Microsoft to help leaders from all departments align and prioritize their cyber strategies for 2022 and beyond. Guy Carpenter and Marsh are businesses of Marsh McLennan.

More than 650 cyber risk leaders around the world participated in the 2022 Marsh and Microsoft Cyber Risk Survey, the third such collaboration the companies have undertaken in the past 4 years.

The report emphasizes 8 key trends in cyber risk:

  • Cyber-specific enterprise-wide goals—including cybersecurity measures, insurance, data and analytics, and incident response plans—should be aligned to building cyber resilience versus simply preventing incidents. Every organization can expect a cyberattack, as 73% of companies said they had experienced once.
  • Businesses consider ransomware the top cyber threat they face, but it is far from the only one. Other prevalent threats include phishing/social engineering, privacy breaches, and business interruption due to an external supplier being attacked.
  • Insurance is a major component in cyber risk management strategies, influencing the adoption of best practices and controls. Indeed, 61% of companies responding to the survey indicate they buy some form of cyber insurance coverage.
  • Adopting better cybersecurity controls leads to higher ratings for cyber hygiene. Only 3% of responding companies rated their cyber hygiene as excellent.
  • Organizations lag in measuring cyber risk in financial terms, hampering their ability to communicate cyber threats effectively across the enterprise. Just 26% of respondents said their organization uses financial measures for cyber risk.
  • Increased investment continues in cyber risk mitigation, although spending priorities vary. Having experienced an attack spurred 64% of respondents to increase cyber risk investments.
  • New technologies need to be assessed and monitored continuously, not just during implementation and testing prior to adoption. More than half of respondents said they do not extend risk assessments beyond putting new technologies into practice.
  • While many businesses look within effectively to enact cybersecurity actions, only 43% of survey participants have conducted risk assessments of their vendor/supply chain.

Guy Carpenter works closely with clients to share updates on the threat landscape, leveraging our global footprint and insights across the Marsh McLennan network—Marsh, Oliver Wyman and Mercer—to provide superior placement design, peer benchmarking analysis, market intelligence, and industry-transforming affirmative and silent cyber aggregation modeling.


The State of Cyber Resilience

A new report by Marsh and Microsoft to help leaders from all departments align and prioritize their cyber strategies for 2022 and beyond.