Cyber Liability

Small & Mid-Size Employers Very Exposed to the Growing Risk

Small and midsize employers still appear to be vulnerable to the risks of cyber-crime and data breaches. And organizations are still not doing enough to protect their data or recover from a breach. But there is good news and a strong indication that these organizations are making efforts. 

According to MMA’s 2018 Cyber and Data Security Risk Survey organizations know it's important:

  • 60% said they consider it one of their top 5 risks
  • 75% said they were highly or fairly confident they were ready to manage and respond
  • 82% felt confident they would be able to understand and assess a cyber-attack

... but not important enough to act:

  • Only 18% said they had developed a cyber incident response plan
  • 34% said they had conducted a cyber-security gap assessment
  • 36% said that had implemented a plan to train employees to recognize phishing emails
  • 23% said they had actually conducted penetration testing on their online defenses

Those results came from our 2018 Cyber and Data Security Risk Survey.  MMA surveyed a wide range of organizations, geographies, economic sectors, and job functions. More than half the respondents were from the C-suite.

What we discovered in analyzing the results of this survey is very similar to what we have found in previous MMA cyber surveys: once an organization takes steps to mitigate the risk of a cyber-attack, they are definitely more confident that they will be able to recognize, respond to and recover from the inevitable cyber-attack.

While the majority remains uninsured, the number of those with policies has risen since we began doing this survey. This may be because smaller and midsize employers are learning that strong cyber liability insurance products go beyond simply providing insurance.

MMA is experienced and knowledgeable on cyber risk and has designed proprietary products to protect your tangible and non-tangible assets. Our Management Liability center of excellence, as well as cyber center of excellence, specializes in this technical and complex program design and implementation.

All too often, the cyber-security discussion doesn’t even begin until after a successful attack. And that’s far too late. The time to have the conversation is now, before the attack ever happens.

For more information or to talk about next steps to enact cyber-security, please contact your local Marsh & McLennan Agency representative.


Learn more

2019 Cyber Webinar: Highlights and Materials

Handouts and materials referenced

MMC Cyber Handbook 2020: Advancing Cyber Resilience

CCPA FAQs (from BakerHostetler)

Get Your Privacy House in Order Checklist (from BakerHostetler)

CCPA and GDPR Comparison Chart (from BakerHostetler)


Visit the webinar page to listen to a recording of this online event

Download the Cyber & Data Security Risk Survey Report

Read the full report and take a closer look at the survey results
2018 Cyber & Data Security Risk Survey Report

Cyber Resilience Insights from across our operating companies

Visit Marsh & McLennan Companies' Cyber Resilience Insights website.

Download our Cyber Risk brochure