
Marsh warns to invest in robust cybersecurity controls

07 July 2022 Marsh Africa
Spiros Fatouros, CEO at Marsh Africa

With cyberattacks growing in size and complexity — and underwriters more closely scrutinizing their cyber risk exposures — it’s vital that businesses invest in robust cybersecurity controls.

“As many of us have seen in recent years, cyberattacks just continue to increase. They're fueled by these more sophisticated and persistent attackers. In particular, ransomware attacks alone have increased by just a staggering 150% year-over-year, and it's become very commonplace for us to read and hear about multimillion-dollar ransom payment demands,” says Spiros Fatouros, Marsh Africa CEO.

At Marsh, one of the things we've done is we've tried to find and hone in on the main cyber controls that the underwriters have been focused on, and we've landed on 12 key cyber hygiene controls. And we believe that companies should really prioritize these and we've even narrowed it further down to the top five.

1. Multifactor authentication (MFA). Hackers today have access to technology able to break user passwords, even ones considered strong — especially when users reuse passwords across multiple sites, which occurs frequently. Organizations should bolster their security through MFA, which requires at least two pieces of evidence (factors) to prove the user’s identity.

2. Endpoint detection and response (EDR). It’s important for companies to have up-to-date information about the security posture of any devices employees use to receive corporate information, whether it’s a laptop, desktop, or mobile device. The monitoring software will watch for any suspicious or irregular activities. EDR also facilitates rapid incident response across an organization’s environment.

3. Secured, encrypted, and tested backups. Increased ransomware activity underscores the need for organizations to have a robust backup strategy for their critical data and applications.

4. Privileged access management (PAM). Users should be required to use higher-security login credentials to access administrator or privileged accounts. And special users — such as IT, network, or database administrators — should only be allowed to carry out specific tasks through their privileged access.

5. Email filtering and web security. Email and web browsing platforms are full of pitfalls and need to be controlled to avoid threat actors gaining an initial foothold into your network. Organizations should block access to any web pages that are deemed inappropriate and those that may contain malware.
