
Analysis Reveals Cybersecurity Controls That Reduce Breach Risk - Risk & Insurance

Risk & Insurance | Archived Mar 16, 2026

Marsh research shows incident response planning tops list of most effective security measures.

By: R&I Editorial Team | September 11, 2025
Topics: Cyber | News

Companies with comprehensive incident response planning, fully deployed endpoint detection systems, and advanced security monitoring capabilities experience significantly fewer breaches than their peers, according to analysis of thousands of organizations in Marsh’s latest Cyber Risk Intelligence Center report.

The cybersecurity landscape has fundamentally shifted since Marsh’s 2023 Cyber Risk Intelligence Center report. Where organizations once focused on whether they had implemented basic security controls, the differentiator today lies in how well those controls are deployed and maintained, Marsh said.

The 2025 report reveals that adoption rates for critical security measures have surged dramatically. Endpoint detection and response (EDR) implementation jumped to 91% from 82% between 2023 and 2025. Email security sandboxing increased to 83% from 75%. Most notably, the percentage of organizations setting target windows for patching critical vulnerabilities rocketed to 89% from 53%.

This widespread adoption means simply having these controls no longer provides a competitive advantage, the report noted. The organizations experiencing fewer breaches are those maximizing their existing tools’ capabilities. For instance, companies deploying EDR to 100% of workstations and laptops saw measurably better outcomes than those with partial coverage. Each 25% increase in deployment correlated with additional reductions in breach likelihood, according to the analysis.

Similarly, multifactor authentication (MFA) adoption has become nearly universal, with implementation rates approaching 90% to 100%. But the type of MFA deployment now determines effectiveness, the report said. Organizations using phishing-resistant MFA methods showed stronger security signals than those relying on basic implementations.

Incident Response Planning Emerges as Unexpected Leader

Perhaps the most surprising finding centered on incident response planning, which emerged as a top control despite the analysis focusing primarily on breach prevention rather than post-incident activities. Organizations conducting regular tabletop exercises and maintaining active contracts with incident response providers showed consistently better security outcomes, Marsh reported.

This suggests incident response planning delivers benefits beyond crisis management. Regular exercises appear to drive improvements across entire security programs, as teams identify gaps and refine processes before incidents occur.

For risk managers and insurance professionals, this finding has significant implications, according to Marsh. Traditional approaches often separate prevention from response, treating them as distinct disciplines. The data suggests this separation may be counterproductive. Organizations achieving the best outcomes integrate response planning into their broader security strategy, using exercises to inform preventive measures.

The emphasis on security operations center (SOC) capabilities provides another critical insight. While having any SOC correlates with improved outcomes, the specific capabilities matter tremendously. Organizations with 24/7 operations, threat intelligence integration, and continuous process improvement showed substantially stronger signals than those with basic monitoring setups.

The report also highlights the evolving role of employee training. Quality emerged as more important than frequency, with organizations providing realistic, updated simulations showing better outcomes than those conducting generic awareness sessions. This shift reflects the sophistication of modern threats — employees need practical skills to identify and respond to attacks, not just general awareness.

View the full report here.

The R&I Editorial Team can be reached at mediacontact@theinstitutes.org.