Global insurance brokerage and risk advisory firm Marsh believes that despite rapid growth in cybersecurity investment in recent years, cyber insurance still accounts for only a small portion of overall cyber spending.
The company believes that as cyber incidents cause greater operational and financial losses, many organizations continue to retain significant cyber-related financial risks on their balance sheets.
According to Marsh, cyber risk has moved far beyond traditional links to data breaches and notification costs to become a broader business issue. The company said cyber incidents now have the potential to disrupt operations, impact supply chains and reduce revenue across multiple parts of an organization.
Marsh attributes this shift to businesses’ increasing reliance on digital technology. Cloud services, shared infrastructure and third-party software now underpin many critical business functions, which means a single cyber incident can have consequences that spill over into interconnected systems. The company noted that this could disrupt production, delay service and put pressure on cash flow.
Marsh said the financial impact of cyber incidents has also changed. Now, many of the most significant losses no longer focus solely on data theft, but stem from long-term operational disruptions, reduced business capabilities and lengthy recovery periods.
Marsh also sees artificial intelligence (AI) as a major factor in reshaping the cyber threat landscape. While AI enables cybercriminals to carry out attacks with greater speed, scale and complexity, the company believes it also provides organizations with more effective tools to strengthen cyber defenses, improve threat detection and respond to incidents faster. Marsh believes that enterprises need to adapt their cyber strategies to take advantage of artificial intelligence while managing the additional risks associated with the technology.
The company insists that cyber risk should no longer be managed solely by information technology or cybersecurity teams. Instead, Marsh believes organizations should involve both cyber experts and financial decision-makers because cyber incidents now have a direct impact on financial performance, liquidity and capital allocation.
Brent Rieth, global head of Marsh Cyber ​​Solutions, added: “Cyber ​​risk can no longer be managed solely as an IT or information security issue. Instead, stakeholders who manage risk and those who manage the organization’s financial performance need to work together. Cyber ​​must be addressed as an enterprise-wide issue that is directly tied to financial performance, liquidity resiliency and capital allocation decisions.”
