Cybersecurity Assessment Solution, Global

Driving organizational safety through accurate assessment of people disposition to risk

With the increasing volume and impact of cyber threats, it's crucial to address the most critical link in the chain: individuals. Our solution goes beyond traditional technologies by assessing both individual and organizational elements of cyber risk.

By utilizing online assessment tools and psychometric tests, we measure individuals' natural predisposition towards risk as well as their technical skills in cybersecurity, and we evaluate organization's maturity level in terms of risk culture. This comprehensive understanding allows us to predict people risk scenarios and design effective mitigating strategies informed by analytics.

*Not available to US-companies

Request a demo

In stock
SKU
Cybersecurity Assessment solution, Global
peoplepeople

People-risks due diligence and mitigation

profit graphprofit graph

ROI increase for development and reskilling activities

trophytrophy

Boosting organizations resilience to cyber incidents

In today's digital landscape, cybersecurity is a critical concern for organizations worldwide. The rise of AI has increased the volume and impact of cyber incidents. Despite implementing technologies to protect against attacks, the human element is often overlooked despite human error being the biggest cybersecurity risk, causing around 95% of data breaches.

To comprehensively assess people risk, the Mercer-Marsh solution investigates a combination of individual and contextual factors. The solution incorporates two modules:

  • Understand the organizational elements of cybersecurity: a risk culture compliance model is employed, involving an online questionnaire to assess an organization's maturity level in terms of risk culture.
  • Understanding the people elements of cyber-security: grounded in the field of psychology of risk, the solution leverages online assessment tools to measure individuals' natural predisposition towards risk and evaluate their technical skills in cybersecurity. .
A three-step Cybersec Assessment JourneyA three-step Cybersec Assessment Journey

When to use the cybersecurity solution

Overall, Mercer-Marsh's cybersecurity solution is recommended for organizations looking to enhance their cybersecurity defenses and strengthen their overall cybersecurity posture. This approach also facilitates talent decisions related to reskilling, upskilling, organizational design, and risk framing message design, all informed by objective analytics.

The tool is complementary with Marsh Advisory offering on Governance, Risks, Stress test and Incident Management services actually in place

  • Strengthening Cybersecurity Defenses: When organizations want to enhance their cybersecurity defenses and resilience against evolving cyber threats, Mercer-Marsh's solution can help identify people risk scenarios and design effective strategies to mitigate them.
  • Assessing Risk Culture Maturity: If organizations want to assess their risk culture maturity and understand their current level of resilience to cyber threats, Mercer-Marsh's risk culture compliance model can provide valuable insights. This assessment can guide organizations in developing a sustainable approach to enhance their risk culture over time.
  • Predicting and Influencing Cybersecurity Behaviors: When organizations aim to predict and influence individuals' cybersecurity behaviors, Mercer-Marsh's "Understanding People Risk" module can be utilized. By assessing individuals' natural predisposition towards risk and evaluating their technical skills, organizations can identify areas for development and training, and make informed talent decisions.
  • Designing Effective Mitigating Strategies: If organizations want to design effective mitigating strategies informed by analytics, Mercer-Marsh's solution can combine insights from the risk culture compliance model and the understanding people risk module. This approach enables organizations to identify people risk scenarios and develop targeted strategies to reduce vulnerabilities and strengthen cybersecurity defenses.
  • Calculating policy limits : that can effectively address the costs associated with predicted cyber events. This allows organizations to make informed decisions regarding insurance coverage and risk management strategies.

Download the brochure for more details.

Mercer Mettl is GDPR compliant

ISO 9001 CERTIFIED ISO 27001 CERTIFIED GDPR Compliant

Mercer-Marsh's cybersecurity solution is built on the foundation of the psychology of risk, which extensively studies the personal factors that influence how individuals respond to risk.

The solution utilizes an individual predisposition model that identifies 16 personality traits associated with risky behaviors in the realm of cybersecurity, categorized into four competencies:

  • Compliance and Process - refers to an individual's ability to adhere to cybersecurity rules, regulations, and protocols, as well as their understanding of the processes involved in maintaining a secure environment.
  • Taking Responsibility - encompasses an individual's sense of ownership, assertiveness, ability to take charge, and effective planning in the context of cybersecurity.
  • Positive Attitude - relates to an individual's mindset and outlook towards cybersecurity, including resilience, positivity, openness to change, and persistence in overcoming challenges.
  • Interpersonal Relationships - focuses on an individual's ability to establish and maintain positive relationships with others in the context of cybersecurity, fostering collaboration, empathy, and effective communication.
elements of cybersecurity elements of cybersecurity

These factors provide valuable insights into individual risk behavior allowing to predict how individuals are likely to comply with cybersecurity measures or take risks in this domain and enabling organizations to customize their cybersecurity strategies accordingly.

The reports:
The Cybersecurity individual assessment will provide two different reports:

Individual Report for the candidate – it provides an overview of the candidate's profile and detailed view of the personality traits and how they relate to risk-taking behaviour. It identifies the candidate's main strengths and risk hotspots in terms of cybersecurity. Finally, it includes tips for development, highlighting areas where the candidate can improve their cybersecurity practices.
View sample individual report

Manager's group report – it provides aggregated data on the team's posture in cybersecurity. It includes a quantitative measurement of the team's security index and a qualitative description of the team's profile, highlighting their strengths and risk hotspots that may pose challenges or increase the likelihood of engaging in risky behaviors. Based on these findings, the report suggests a team development plan to enhance the team's effectiveness in addressing cybersecurity challenges.
View sample group report

As organizations strive to enhance their risk compliance maturity, it becomes evident that the cultural aspect is often poorly understood. Every organization possesses a risk culture, or even multiple risk cultures. The crucial factor is whether this culture supports or undermines the sustainable success of the organization, either preventing or facilitating risky behaviors. In this context, the risk culture assessment provides valuable insights into the environment in which people operate.

The risk model

We apply the cultural risk compliance model, utilizing an online and anonymous questionnaire. It consists of a comprehensive set of 28 survey questions across five dimensions: Drive behaviors, Relationships, Organization structure, People competencies, and Leadership

organisational elements of cyber securityorganisational elements of cyber security

The output of this assessment provides a clear understanding of the organization's maturity level, identifies any existing gaps, and offers recommendations on how to progress to the next level. By leveraging this information, organizations can effectively shape their risk culture and promote a more resilient and compliant environment.

In our approach, we recognize the importance of incorporating skill gap data and the maturity level of corporate risk culture into risk-based economic modelling. This allows us to create various cyber scenarios and conduct alternative optimization studies to assess their impact on the financial and non-financial assets of institutions.

By starting with a focus on critical roles within the organization, we identify the necessary technical and behavioural skill sets required to effectively manage cyber risks. We then measure the individual disposition and capability of employees in these roles, taking into account their existing skills and any gaps that may exist. The skill gap data, along with the maturity level of the corporate risk culture, are integrated into our risk-based economic modelling. This modelling approach enables us to simulate different cyber scenarios and evaluate their potential impact on the financial and non-financial assets of the organization.

By conducting alternative optimization studies, we can assess the effectiveness of different risk mitigation strategies and identify the most appropriate courses of action.
Furthermore, the financial information obtained from these studies plays a crucial role in calculating policy limits that can effectively address the costs associated with predicted cyber events. This allows organizations to make informed decisions regarding insurance coverage and risk management strategies.

By incorporating skill gap data, corporate risk culture maturity, and risk-based economic modelling, our approach provides organizations with a comprehensive understanding of their cyber risk landscape. This enables them to make data-driven decisions, allocate resources effectively, and implement targeted measures to mitigate cyber threats and protect their assets.

Sample project roadmapSample project roadmap

Request a demo

Get in touch and see how our cybersecurity solutions can enhance your business. Tell us about your business needs including head office location and operating countries

Need help?

Send us an email

Need help?

Please don't hesitate to reach out to us!