A new report from the Cyber Risk Intelligence Center (CRIC) of Marsh McLennan reveals that cyber incident response planning is a key cybersecurity control in reducing an organization’s likelihood of experiencing a breach-related claim, despite its focus on post-breach activities.
The report, titled “Cybersecurity signals: Connecting controls and incident outcomes,” specifically found that organizations regularly engaging in tabletop exercises and scenario-based breach response drills are 13% less likely to experience a material cyber event compared to those that do not.
Since 2023, the CRIC has analyzed organizations’ cyber control implementation data from Marsh’s Cyber Self-Assessment against actual claims. This year, cyber incident response planning ranked as the fourth most effective control in decreasing the probability of a breach-based claim, following endpoint detection and response (EDR), logging and monitoring, and cybersecurity awareness training and phishing testing.
Tom Reagan, Global Cyber Practice Leader at Marsh, stated, “Marsh has long advocated proactive cyber incident response planning as a tool to help organizations effectively and efficiently respond to and recover from a cyberattack.” He added that the research confirms “thoughtful planning also drives secondary benefits like positive security behaviors and strong control implementations, which help build more organizational resilience and reduce breach incidents.”
The report also underscored the importance of effective deployment and management of other critical cybersecurity controls. For example, each 25% increase in EDR deployment across workstations and laptops was correlated with an additional 10% decrease in breach likelihood. Similarly, multi-factor authentication (MFA) deployment resistant to phishing schemes showed a 9% lower breach likelihood than MFA lacking such resistance.
Scott Stransky, Head of Marsh McLennan’s CRIC, commented, “Our findings emphasize that simply deploying key cybersecurity controls is no longer enough—these tools must be properly managed and comprehensively used.” He concluded that organizations can leverage these insights to strengthen security frameworks and help reduce their exposure to cyber risks.
Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy, and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer, and Oliver Wyman. The firm reported annual revenue over $24 billion and employs more than 90,000 colleagues.