12 Critical Cyber Controls for Insurance.pptx

  1. A business of Marsh McLennan
     12 Critical Controls Needed for Insurance
     2022 Cyber Insurance Update: US & Canada Cyber Practice
  2. Key Controls Proposed Solutions
     Vendors highlighted in yellow are Marsh Catalyst vendors. For each key control, the table gives the issue it addresses, proposed solutions (non exhaustive), and how Marsh can help.

     1. Multi-Factor Authentication (MFA) Controlled Access
        The Issue: Ransomware attacks often start with compromised credentials. MFA is a method to validate or verify a user’s request to access an IT resource by requiring that the user provide two or more pieces of evidence to be authenticated. This can help thwart ransomware attacks.
        Solutions (non exhaustive): MFA solution (RSA SecurID, Duo, Okta, Ping Identity, LastPass, etc.); Password, Data Protection & Access Management Policies
        How Marsh Can Help:
        • Review your organization’s current practices
        • Provide support for MFA solution selection and deployment
        • Develop/review Information Security Policies: Password, Data Protection & Access Management Policies

     2. Secured & Tested Backups
        The Issue: Attackers look to delete backups prior to launching a ransomware attack so they can successfully cripple and extort their victims. It is essential to secure backups through encryption and isolation from the network (offline or MFA-controlled access), and to regularly test backups and recovery plans.
        Solutions (non exhaustive): Cloud Backups with MFA-Controlled Access, Offline Backups, Disaster Recovery Plan (DRP), Business Continuity Plan (BCP), DR Tests, Integrity Checks
        How Marsh Can Help:
        • Review your organization’s current practices
        • Provide support for backup solution selection and deployment
        • Develop DRP and BCP
        • Support DR tests and Incident Response exercises

     * New Dark Web Audit Reveals 15 Billion Stolen Logins From 100,000 Breaches (forbes.com)
  3. Key Controls Proposed Solutions (continued)

     3. Managed Vulnerabilities
        The Issue: Regular vulnerability scans and annual penetration testing simulate cyber attacks on the network. These activities allow organizations to uncover existing vulnerabilities and remediate them before threat actors have a chance to exploit them.
        Solutions (non exhaustive): Vulnerability Scanning Solutions (Qualys VM, OpenVAS, Tenable Nessus, InsightVM, Frontline Vulnerability Manager, etc.); Network Security Tests (Vulnerability Scans, Penetration Tests, Application Security Tests, etc.); Patch & Vulnerability Management Policies
        How Marsh Can Help:
        • Conduct network security tests (vulnerability assessments, pentests, application security tests…)
        • Develop/review Information Security Policies: Patch & Vulnerability Management Policies

     4. Patched Systems & Applications
        The Issue: Unpatched vulnerabilities remain a leading cause of intrusions into systems. Hundreds of vulnerabilities are disclosed every month across many applications and systems. When technology environments are not patched in a timely fashion, attackers will seek to exploit those vulnerabilities.
        Solutions (non exhaustive): Patch Management Solutions (Microsoft System Center Configuration Manager, Atera, Ivanti, etc.); Patch & Vulnerability Management Policies
        How Marsh Can Help:
        • Provide support for vulnerability scanning solution selection and deployment
        • Develop/review Information Security Policies: Patch & Vulnerability Management Policies
  4. Key Controls Proposed Solutions (continued)

     5. Filtered Emails & Web Content
        The Issue: Malicious links and files are still the primary way to deliver ransomware, steal passwords, and eventually access critical systems. Today’s first line of defense includes indispensable technologies to filter incoming emails, block malicious sites or downloads, and test suspicious content in a secure “sandbox” environment.
        Solutions (non exhaustive): Email Security Solutions (Proofpoint Email Protection Suite, Mimecast Secure Email Gateway, Barracuda Sentinel, FortiMail, Office 365 Advanced Threat Protection, etc.); Web-Content Filtering Solutions
        How Marsh Can Help:
        • Review your organization’s current practices
        • Provide support for Email Security and/or Web Content Filtering solution selection and deployment

     6. Protected Privileged Accounts
        The Issue: Privileged accounts are the keys to a network. When attackers compromise these accounts, the likelihood of significant harm is extremely high. Limiting the number of privileged accounts, using strong password security practices/vaults, MFA, and monitoring these accounts is critical to network security.
        Solutions (non exhaustive): Privileged Access Management (PAM) Solutions (CyberArk Software, BeyondTrust, etc.); Privileged Access Management Policy, including Audit, Monitoring & Alerting
        How Marsh Can Help:
        • Review your organization’s current practices
        • Provide support for Privileged Access Management solution selection and deployment
        • Develop/review Information Security Policies: Privileged Access Management Policy
  5. Key Controls Proposed Solutions (continued)

     7. Protected Network
        The Issue: All breached organizations used firewalls to protect their networks, but the technology is often underutilized or outdated. Now is the time to ensure that effective firewalls and other technologies are in place with well-defined rules: network segmentation, intrusion detection and prevention systems, data leak prevention systems, etc.
        Solutions (non exhaustive): Network Firewalls (FortiGate: Next Generation Firewall, Cisco, Firebox: WatchGuard, etc.); Network Segmentation; IDS/IPS; DLP; MFA-Controlled Remote Access; and other network hygiene practices
        How Marsh Can Help:
        • Review your organization’s current practices
        • Provide support for network protection solutions selection and deployment

     8. Secured Endpoints
        The Issue: Advanced anti-malware solutions on workstations, servers, and mobile devices detect malicious programs and contain their spread. The technology allows organizations to respond remotely to attacks and even prevent data leakage. The time when simple “anti-virus” was good enough is behind us.
        Solutions (non exhaustive): Centralized Anti-Malware Solutions; Endpoint Security & Vulnerability Remediation (Absolute Software – Absolute Resilience, etc.); Endpoint Detection and Response (EDR) Solutions (Cylance, VMware Carbon Black EDR, CrowdStrike Falcon, Windows Defender ATP, FireEye HX, SentinelOne Endpoint Protection Platform, Symantec ATP, etc.)
        How Marsh Can Help:
        • Provide support for endpoint security solution selection and deployment
  6. Key Controls Proposed Solutions (continued)

     9. Logged & Monitored Network
        The Issue: Logging and monitoring network activity allows an organization to identify that something potentially harmful may be happening, so that attackers’ actions can be detected and contained at an early stage. Automated technology combined with human operators is needed to watch network events and anomalous user behavior.
        Solutions (non exhaustive): Security Information and Event Management Solutions (LogRhythm, IBM QRadar, ArcSight, etc.); Network Detection and Response Solutions (Gigamon ThreatINSIGHT, etc.); Outsourced Security Operations Center (Scalar, Trustwave, etc.); Log Management Policy
        How Marsh Can Help:
        • Review your organization’s current practices
        • Provide support for solution selection and deployment
        • Develop/review Information Security Policies: Log Management Policy

     10. Phishing-Aware Workforce
        The Issue: Recently, attackers took advantage of COVID-19, when people were stressed the most, as a guise to spread ransomware. There will always be environmental factors that attackers can exploit to deceive people. Training and phishing campaigns help ensure people remain aware and vigilant.
        Solutions (non exhaustive): Security Awareness Training Platforms & Phishing Campaigns (KnowBe4, InfoSecIQ, Kaspersky, Proofpoint, Cofense PhishMe, Barracuda PhishLine, etc.)
        How Marsh Can Help:
        • Conduct phishing tests in your organization
        • Provide support for cyber risk awareness and training solution selection and deployment
        • Provide risk bulletins to support employee awareness of cyber security issues
  7. Key Controls Proposed Solutions (continued)

     11. Hardened Device Configuration
        The Issue: Attackers exploit default device settings or misconfigurations. Defining security baselines to harden devices, continuously managing secure configurations, and maintaining change control processes are essential to preventing attackers from reaching their target.
        Solutions (non exhaustive): Configuration Management Solutions to harden, deploy, enforce, monitor and track configurations/security baselines (Microsoft Endpoint Manager, etc.); Security Baselines (CIS baselines, DoD baselines, etc.); Configuration and Change Management Policies
        How Marsh Can Help:
        • Review your organization’s current practices
        • Provide support for hardening solution selection and deployment
        • Develop/review Information Security Policies: Configuration and Change Management Policies

     12. Prepared & Tested Incident Response Plans
        The Issue: An up-to-date incident response plan with a trained team provides efficiency, speed, and quality in the response to cyber incidents. Combined with backups and business continuity plans, it significantly helps to mitigate the impact on operations and on your organization’s reputation, thereby limiting overall costs.
        Solutions (non exhaustive): Incident Response (IR) Plan; Tabletop or Incident Simulation Exercises; Breach & Attack Simulation Platforms (XM Cyber, etc.); Relationships with IR vendors
        How Marsh Can Help:
        • Develop Incident Response (IR) Plan
        • Coordinate IR Plan with DRP and BCP
        • Facilitate tabletop/incident simulation exercises
        • Identify & help implement resilience enhancements
        • Provide support for IR solutions & vendor selection
  8. We are leaders in risk, strategy and people. One company, with four global businesses, united by a shared purpose to make a difference in the moments that matter.
     A business of Marsh McLennan

     This document and any recommendations, analysis, or advice provided by Marsh (collectively, the “Marsh Analysis”) are intended solely for the entity identified as the recipient herein (“you”). This document contains proprietary, confidential information of Marsh and may not be shared with any third party, including other insurance producers, without Marsh’s prior written consent. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modeling, analytics, or projections are subject to inherent uncertainty, and the Marsh Analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update the Marsh Analysis and shall have no liability to you or any other party with regard to the Marsh Analysis or to any services provided by a third party to you or Marsh. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or reinsurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. All decisions regarding the amount, type or terms of coverage shall be your ultimate responsibility. While Marsh may provide advice and recommendations, you must decide on the specific coverage that is appropriate for your particular circumstances and financial position.

     By accepting this report, you acknowledge and agree to the terms, conditions, and disclaimers set forth above. Copyright © 2021 Marsh LLC. All rights reserved.