3 actions Asia's businesses can take to enhance cyber risk management in 2024

This year saw several high profile cybersecurity incidents in the region. For instance, the port of Nagoya, Japan, was hit by a ransomware attack in July 2023, which forced a network shutdown and caused data loss — disrupting port services and associated business operations for three days.

As 2024 draws near, businesses in Asia face a more complex and threatening cybersecurity landscape than ever. To improve their existing cybersecurity posture, organisations can take these cyber risk management actions to help them accurately quantify their cyber risk exposure, enhance operational resilience, and minimise loss when a cybersecurity incident occurs:

Action #1: Cyber Risk Quantification

The lack of a quantitative assessment on cyber risk can potentially lead to underinsurance, and impact cyber insurance premium and terms and conditions, but quantifying cyber risk exposures requires specialised expertise.

Leveraging the expertise of cyber risk advisors, forensic accountants, actuaries and claims consultants, Marsh Asia's six-step Cyber Risk Quantification identifies your key cyber vulnerabilities, optimises cyber risk transfer costs through in-depth analysis, and provides concrete answers to these questions from key stakeholders:

• Chief Executive Officer: What is my expected financial loss in case of a cyber event?
• Chief Financial Officer: How do we optimise our cybersecurity spending?
• Chief Risk Officer: What cyber insurance do I need? Will the limit be enough?

Find out more about Marsh's Cyber Risk Quantification .

Action #2: Operational Technology Cyber Health Check

When operational technology (OT) and information technology (IT) converge with a consequent increase in endpoints without adequate segmentation, the risk of significant business disruption and physical damage to hardware from cybersecurity incidents can increase.

Developed based on leading practices including the NIST Cyber Security Framework, NIST 800-82 (ICS Security), ISO/IEC 27001 and ISA/IEC 62443 standards, Marsh Asia’s Operational Technology Cyber Health Check is a four-stage assessment designed to help organisations reinforce your OT and industrial control systems (ICS) resilience with four key outcomes:

• Assess the implementation and effectiveness of your cybersecurity controls.
• Document good practices and areas for improvement.
• Obtain recommendations to improve your cybersecurity posture.
• Streamline information gathering to address insurer queries.

Find out more about Marsh's Cyber Operational Technology Health Check .

Action #3: Cyber Crisis Simulation Exercise

Often, the lack of readiness in responding to a cybersecurity incident is caused by the absence of a cyber crisis simulation exercise. To be effective, the exercise should be tailored to the organisation’s unique challenges and independently conducted for actionable insights and robust outcomes.

Marsh Asia's Cyber Crisis Simulation Exercise tests and improves cyber incident response plans through realistic and highly-relevant scenarios conducted in real-time. Our four-stage approach not only enhances understanding of stakeholders' roles and actions to take, but also helps the organisation fine-tune its cyber incident response and crisis management approach and fulfil requirements to access insurance capacity.

Find out more about Marsh's Cyber Crisis Simulation Exercise .

How we approach cyber risk

Marsh's cyber risk management expertise is rooted in a comprehensive approach that supports a proactive cyber defense position. By understanding and addressing the unique needs of each organisation, Marsh provides tailored and effective solutions to manage and mitigate cyber risks.

What's next in Rewarding Risk?

In our next article, we look at findings from the Asia F&B, Retail & Wholesale Industry Survey Report 2023 and explore key risks including economic uncertainty, business continuity and crisis management, as well as climate and sustainability challenges. What are the mitigating actions that businesses can take to enhance their resilience against these risks?

To stay updated on the latest risk insights, follow Marsh Asia on LinkedIn or subscribe to Rewarding Risk, our monthly newsletter, to be notified of the latest emerging risks and opportunities and strengthen your business resilience amid Asia's evolving risk landscape.