Insurance is a key component of cyber risk management strategy and influences the adoption of best practices and controls, according to a new Cyber Risk Survey by Marsh and Microsoft. ‘The State of Cyber Resilience’ report highlights that the previous years of workplace disruption, digital transformation and ransomware attacks means that most organisational leaders are no more confident in their ability to manage cyber risk than they were two years ago. The survey found that many companies have not adopted an enterprise-wide approach to cyber risk, with only 41 per cent of respondents engaging legal, corporate planning finance, operations or supply chain management departments while developing cyber risk plans. On a more optimistic note, 61 per cent of respondents say their company purchases some type of cyber insurance coverage, marking a nearly 30 per cent increase since the last survey by Marsh and Microsoft in 2019. With the adoption of certain cybersecurity controls now a minimum requirement for a majority of insurers, the survey notes that this has a positive impact on cybersecurity measures, with 41 per cent stating the requirements influenced decisions to enhance existing controls or adopt new ones. Discussing the best practices for building enterprise-wide cyber risk management, the report recommends executive leaders involve departmental leaders in discussions on how cyber risk finance integrates into corporate growth strategy. Furthermore, Marsh and Microsoft recommend departmental leaders (including risk management, insurance, finance and IT) collaborate to quantify cyber risks in financial terms and establish metrics for corporate risk tolerance. Interdepartmental communication is also important to purchase comprehensive cyber insurance coverage, for example, including technology errors and omissions, regulatory defence, physical damage to operational assets, and network security liability. The report also notes that departmental leaders should consider alternative risk finance, such as captives and parametric coverage, to ensure an optimal cyber risk management approach. Captive Insurance Times recently published a feature examining how the evolution of cyber risk has led to more companies considering captives to close coverage gaps left by the expensive commercial market.