
The Marsh McLennan Cyber Risk Intelligence Center (CRIC) released its 2025 report, Cybersecurity Signals: Connecting Controls and Incident Outcomes, on August 27, 2025, highlighting incident response planning as a critical cybersecurity control. The report, based on data from Marsh’s Cyber Self-Assessment and cyber insurance claims, shows organizations with robust incident response plans are 13% less likely to experience a material cyber event.
Report: Cybersecurity Signals: Connecting Controls and Incident Outcomes, released August 27, 2025.
Key Finding: Incident response planning reduces breach likelihood by 13% through tabletop exercises and drills.
Ranking: Fourth most effective control, behind EDR, logging/monitoring, and cybersecurity awareness/phishing testing.
Other Controls:
EDR: 10% breach reduction per 25% coverage increase.
Phishing-resistant MFA: 9% lower breach likelihood.
Source: Marsh McLennan Cyber Risk Intelligence Center, Business Wire.
Stock Context: Marsh McLennan (MMC) at $223.95, up 0.74%.
The report analyzes 12 cybersecurity controls tracked by the cyber insurance industry, correlating their implementation with claim likelihood. Incident response planning, focused on post-breach activities, emerged as the fourth most effective control, following:
Endpoint Detection and Response (EDR): Each 25% increase in deployment reduces breach likelihood by 10%.
Logging and Monitoring: Enhances real-time threat detection.
Cybersecurity Awareness and Phishing Testing: Builds employee resilience.
“Marsh has long advocated proactive cyber incident response planning,” said Tom Reagan, Global Cyber Practice Leader. “Thoughtful planning drives positive security behaviors and strong control implementations, reducing breach incidents.”
The report also emphasizes proper management of controls. For example, phishing-resistant MFA reduces breach likelihood by 9% compared to standard MFA. “Simply deploying controls is no longer enough—they must be properly managed,” said Scott Stransky, Head of CRIC.
With cybercrime costs projected to reach $24 trillion by 2027, the report underscores the need for robust cybersecurity frameworks. Organizations conducting regular tabletop exercises and scenario-based drills see measurable risk reduction, aligning with findings from a 2025 Dragos report showing incident response planning cuts operational technology (OT) cyber risk by up to 18.5%.
Marsh McLennan’s insights, drawn from one of the largest cyber claims datasets, empower organizations to prioritize investments in controls like EDR and MFA, which are critical as 73% of companies reported cyberattacks in 2024, dominated by ransomware and phishing.
The report aligns with broader industry trends, as 60% of enterprises prioritize cyber resilience by 2026. Marsh McLennan’s stock (MMC) rose 0.74% to $223.95 post-announcement, reflecting investor confidence, though it’s 2.5% below its 52-week high of $229.63.
Marsh McLennan is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of over $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective.