Prioritizing Cybersecurity Controls: Insights from Marsh McLennan’s Study
In an era where cyber threats are ever-evolving, security leaders face immense pressure to allocate resources effectively. A recent study by Marsh McLennan’s Cyber Risk Intelligence Center (CRIC) sheds light on which cybersecurity measures are most effective in reducing breach risks. By analyzing thousands of organizations’ responses to its Cyber Self-Assessment and correlating them with claims data, the study provides valuable insights into prioritizing security controls.
Incident Response Planning
At the forefront of the study’s findings is the importance of incident response planning. Organizations that engage in tabletop exercises and red-team tests consistently demonstrate better outcomes than those that do not. This proactive approach not only prepares teams for potential breaches but also fosters a culture of security awareness. The study highlights that the process of running these exercises often leads to investments in other areas of the security program, enhancing overall resilience.
Thoughtful planning in incident response not only prepares organizations for immediate threats but also cultivates positive security behaviors and robust control implementations. This multifaceted approach significantly contributes to reducing breach incidents.
Endpoint Detection and Response
Endpoint detection and response (EDR) tools have emerged as a critical component in the fight against cyber threats. The research indicates that the benefits of EDR tools increase with broader deployment. Specifically, a 25% increase in endpoint coverage correlates with a notable reduction in breach likelihood. Full deployment across all laptops and workstations yields the most significant results, particularly when EDR is utilized in blocking mode. This highlights the necessity for organizations to prioritize comprehensive EDR strategies to bolster their defenses.
Multi-Factor Authentication
While multi-factor authentication (MFA) has become nearly universal, its effectiveness now hinges on the scope and strength of its implementation. Organizations that enforce phishing-resistant MFA across all accounts achieve significantly better outcomes than those relying on basic implementations. As cyber threats become more sophisticated, the need for robust authentication measures is paramount. Organizations must ensure that their MFA strategies are not only in place but also resilient against emerging threats.
Security Operations Centers
A security operations center (SOC) is a valuable asset for any organization; however, the capabilities of the SOC are what truly matter. Features such as 24/7 monitoring, active threat intelligence, and continuous process improvement enhance the effectiveness of a SOC. The study also emphasizes the importance of security information and event management (SIEM) platforms. Organizations that actively refine and tune their SIEM rules derive greater value from these systems, underscoring the need for ongoing optimization in security operations.
Cyber Awareness Training
User training remains a cornerstone of cybersecurity, but the quality of training is more critical than its frequency. The study reveals that updated content reflecting new social engineering tactics, combined with realistic phishing simulations, leads to better outcomes than merely increasing the number of training sessions. Employees are often aware of common cyber risks; therefore, advanced preparation is essential for them to effectively spot and respond to sophisticated threats.
Vulnerability Management and Patching
Patching and vulnerability management are foundational elements of a robust cybersecurity strategy. The analysis indicates that higher patching frequency correlates with stronger security outcomes. However, relying solely on Common Vulnerability Scoring System (CVSS) scores can be misleading. Organizations that conduct regular assessments and penetration testing, and that implement automated patch management processes, see a greater impact on risk reduction. Automation, in particular, stands out as a crucial factor in minimizing risk by eliminating manual steps in the patching process.
Conclusion
As cyber threats continue to evolve, organizations must prioritize their cybersecurity measures based on evidence and effectiveness. The findings from Marsh McLennan’s study provide a roadmap for security leaders, highlighting the controls that matter most in reducing breach likelihood. By focusing on incident response planning, EDR tools, robust MFA, effective SOC capabilities, quality cyber awareness training, and diligent vulnerability management, organizations can enhance their resilience against cyber threats and safeguard their critical assets.