Picture of Marsh & McLennan Companies logo

MRSH Marsh & McLennan Companies News Story

0.000.00%
us flag iconLast trade - 00:00
FinancialsConservativeLarge CapNeutral

Realistic training and phishing-resistant MFA most effective cyber defenses, Marsh study finds

By Keira Wingate

Aug 29 - (The Insurer) - Although tools such as multifactor authentication (MFA) are nearly universal among companies, outcomes of cyber attacks depend on how well they are deployed and configured, a study by Marsh McLennan’s Cyber Risk Intelligence Center found.

The study, which analyzed thousands of cyber self-assessments alongside insurance claims data to pinpoint which controls most effectively lowered the chances of a breach occurring, found that regular cyber drills, like practice run-throughs of how a company would respond to a hack, proved to be the most effective defense.

Marsh said these exercises not only help firms react better when an attack happens, but also encourage stronger day-to-day security habits. However, the report, which was released on August 27, emphasized that not all training is equal. For example, frequent but generic awareness programs delivered less benefit than realistic phishing simulations and regularly updated content.

“Users in 2025 are likely already aware of cyber threats; now they want to know how to identify and respond to them,” it said.

Marsh's study also found that simply having a security operations center was not enough. Breach risk fell sharply when security teams added stronger monitoring, fine-tuned their detection systems and used up-to-date threat intelligence.

Moreover, companies that utilized automated tools to address software flaws quickly and regularly tested their systems for vulnerabilities experienced fewer breaches, demonstrating that consistent checks are more effective than relying solely on risk scores.

Marsh said its findings underscore the value of “evidence-based” security investments for companies and insurers alike. As cyber insurance evolves, the report said insurers may focus more on how effectively security measures are implemented and utilized, rather than just whether a company has them in place.

“The quality of implementation may be as important as the presence of the controls themselves,” the report concluded.

Recent news on Marsh & McLennan Companies

See all news