1、Cybersecurity signals:Connecting controls and incident outcomesCybersecurity signals:Connecting controls and incident outcomes20304061016 Incident response:Planning is critical EDR:Extensive deployment is best MFA:Scope and type of deployment matter SOC:Increased capabilities positively affect signa

2、l strength Cyber awareness training:Quality over quantity Vulnerability management and patching:Test,measure,Executive summaryControl deep divesLooking back:2023 top controls2025 top controlsConclusionand automate when possibleTable of contents:Cybersecurity signals:Connecting controls and incident

3、outcomes3Executive summary There is no shortage of controls to implement in cybersecurity.But which ones should be prioritized?Cybersecurity leaders need objective,evidence-driven metrics to help them inform and justify cybersecurity investments.In this study,we address the question of what cybersec

4、urity measures make the biggest impact on risk,and further the conversation about control evaluation within the cybersecurity community.In 2023,Marsh McLennan released a first-of-its kind report,Using data to prioritize cybersecurity investments,which set the stage for conversations about data-drive

5、n and real-world evidence-based analysis of various cybersecurity controls.Since then,our Cyber Risk Intelligence Center(CRIC),has continued to analyze thousands of organizations responses to questions on cyber control implementation from the Marsh Cyber Self-Assessment(CSA)against claims histories

6、to derive relationships between control maturity and claim likelihood.The CSA is Marshs industry-leading,unified cyber controls assessment and insurance application tool.The correlations we found provide objective,data-driven signals that continue to show high value on controls referenced in the 202