Need help?
Need help?
Please don't hesitate to reach out to us!
With the increasing volume and impact of cyber threats, it's crucial to address the most critical link in the chain: individuals. Our solution goes beyond traditional technologies by assessing both individual and organizational elements of cyber risk.
By utilizing online assessment tools and psychometric tests, we measure individuals' natural predisposition towards risk as well as their technical skills in cybersecurity, and we evaluate organization's maturity level in terms of risk culture. This comprehensive understanding allows us to predict people risk scenarios and design effective mitigating strategies informed by analytics.
*Not available to US-companies
People-risks due diligence and mitigation
ROI increase for development and reskilling activities
Boosting organizations resilience to cyber incidents
In today's digital landscape, cybersecurity is a critical concern for organizations worldwide. The rise of AI has increased the volume and impact of cyber incidents. Despite implementing technologies to protect against attacks, the human element is often overlooked despite human error being the biggest cybersecurity risk, causing around 95% of data breaches.
To comprehensively assess people risk, the Mercer-Marsh solution investigates a combination of individual and contextual factors. The solution incorporates two modules:
When to use the cybersecurity solution
Overall, Mercer-Marsh's cybersecurity solution is recommended for organizations looking to enhance their cybersecurity defenses and strengthen their overall cybersecurity posture. This approach also facilitates talent decisions related to reskilling, upskilling, organizational design, and risk framing message design, all informed by objective analytics.
The tool is complementary with Marsh Advisory offering on Governance, Risks, Stress test and Incident Management services actually in place
Download the brochure for more details.
Mercer Mettl is GDPR compliant
ISO 9001 CERTIFIED | ISO 27001 CERTIFIED | GDPR Compliant |
---|
Mercer-Marsh's cybersecurity solution is built on the foundation of the psychology of risk, which extensively studies the personal factors that influence how individuals respond to risk.
The solution utilizes an individual predisposition model that identifies 16 personality traits associated with risky behaviors in the realm of cybersecurity, categorized into four competencies:
These factors provide valuable insights into individual risk behavior allowing to predict how individuals are likely to comply with cybersecurity measures or take risks in this domain and enabling organizations to customize their cybersecurity strategies accordingly.
The reports:
The Cybersecurity individual assessment will provide two different reports:
Individual Report for the candidate – it provides an overview of the candidate's profile and detailed view of the personality traits and how they relate to risk-taking behaviour. It identifies the candidate's main strengths and risk hotspots in terms of cybersecurity. Finally, it includes tips for development, highlighting areas where the candidate can improve their cybersecurity practices.
View sample individual report
Manager's group report – it provides aggregated data on the team's posture in cybersecurity. It includes a quantitative measurement of the team's security index and a qualitative description of the team's profile, highlighting their strengths and risk hotspots that may pose challenges or increase the likelihood of engaging in risky behaviors. Based on these findings, the report suggests a team development plan to enhance the team's effectiveness in addressing cybersecurity challenges.
View sample group report
As organizations strive to enhance their risk compliance maturity, it becomes evident that the cultural aspect is often poorly understood. Every organization possesses a risk culture, or even multiple risk cultures. The crucial factor is whether this culture supports or undermines the sustainable success of the organization, either preventing or facilitating risky behaviors. In this context, the risk culture assessment provides valuable insights into the environment in which people operate.
The risk model
We apply the cultural risk compliance model, utilizing an online and anonymous questionnaire. It consists of a comprehensive set of 28 survey questions across five dimensions: Drive behaviors, Relationships, Organization structure, People competencies, and Leadership
The output of this assessment provides a clear understanding of the organization's maturity level, identifies any existing gaps, and offers recommendations on how to progress to the next level. By leveraging this information, organizations can effectively shape their risk culture and promote a more resilient and compliant environment.
In our approach, we recognize the importance of incorporating skill gap data and the maturity level of corporate risk culture into risk-based economic modelling. This allows us to create various cyber scenarios and conduct alternative optimization studies to assess their impact on the financial and non-financial assets of institutions.
By starting with a focus on critical roles within the organization, we identify the necessary technical and behavioural skill sets required to effectively manage cyber risks. We then measure the individual disposition and capability of employees in these roles, taking into account their existing skills and any gaps that may exist. The skill gap data, along with the maturity level of the corporate risk culture, are integrated into our risk-based economic modelling. This modelling approach enables us to simulate different cyber scenarios and evaluate their potential impact on the financial and non-financial assets of the organization.
By conducting alternative optimization studies, we can assess the effectiveness of different risk mitigation strategies and identify the most appropriate courses of action.
Furthermore, the financial information obtained from these studies plays a crucial role in calculating policy limits that can effectively address the costs associated with predicted cyber events. This allows organizations to make informed decisions regarding insurance coverage and risk management strategies.
By incorporating skill gap data, corporate risk culture maturity, and risk-based economic modelling, our approach provides organizations with a comprehensive understanding of their cyber risk landscape. This enables them to make data-driven decisions, allocate resources effectively, and implement targeted measures to mitigate cyber threats and protect their assets.