5 recommended actions to strengthen your cyber resilience

13 November 2025

HM government has issued a letter to chief executives urging them to make cyber security a board-level responsibility and to take proactive steps against the growing threat of cyber-attacks.

This UK-wide appeal comes in response to hostile cyber activity becoming more frequent and sophisticated than ever before. Over the past year, UK businesses faced an astonishing 7.7 million cybercrimes, impacting nearly half of all companies.¹ These incidents were reported by businesses just like yours, of all sizes from micro-businesses to SMEs and larger corporations. The response from each company depended heavily on how prepared they were and the strength of their cyber resilience strategy and cyber incident response plan.

What is cyber resilience?

Cyber resilience isn’t just about technology; it’s about preparing your entire business to prevent, respond to, and recover from cyber incidents. This includes protecting your:

  • critical assets;
  • business processes;
  • information systems;
  • and other critical systems.

It also helps your business adapt to new challenges in the cyber threat landscape. One vital part of this preparation is cyber insurance, which can provide essential support, financial protection, and expert resources ready to respond when you need them most.

To help you safeguard your business, here are our five recommended actions to strengthen your cyber resilience:

1. Integrate cyber insurance into your risk strategy

Cyber insurance is a critical part of a comprehensive cyber resilience strategy. It provides financial protection against losses from incidents such as:

  • system failures;
  • data breaches;
  • business interruption;
  • ransomware extortion;
  • and reputational harm.

At Marsh Commercial we work with our insurance partners to arrange policies that meet the unique needs of your business. This ensures your policy covers key areas including:

  • incident response costs;
  • forensics;
  • business interruption;
  • data restoration;
  • extortion payments;
  • and regulatory defence costs.

We’ll help you understand any exclusions and ensure the coverage aligns with your specific risks and regulatory requirements. This includes any applicable requirements under the Cyber Resilience Act and other European Union rules that apply when you operate in the EU market.²

Cyber insurance complements your technical and governance measures by providing access to expert resources and financial support to help your business recover quickly. It also supports your ability to deliver on your business operations without disruption.

2. Review and strengthen cyber governance

Effective cyber security starts at the top. It’s crucial that your board or leadership team understands and takes ownership of cyber risk and integrates it into overall business governance and resilience. This means:

  • regular reporting on cyber threats, risks, and mitigation efforts at meetings;
  • making cyber security a board-level responsibility to ensure it receives proper attention and resources.

Strong governance also means aligning your policies and procedures with industry best practices and government guidance. This creates a culture of cyber security awareness throughout your organisation, from executives to frontline staff.

Key areas to focus on include:

  • Understanding your financial and operational exposures should a cyber incident impact your business.
  • Access management controls to carefully manage who can access your network and other digital elements.
  • Protecting hardware and software products from vulnerabilities.
  • Ensuring your security posture is robust and adaptive.
  • Conducting a regular assessment of your security measures to maintain integrity.
  • Research into potential and emerging threats.

3. Align incident response with government guidance

No organisation is immune from cyber incidents, so being prepared is key. Develop or refine your incident response plan - a clear, step-by-step plan for how your business will respond to a cyber event. This should include:

  • roles and responsibilities;
  • communication protocols;
  • procedures for containing and mitigating damage;
  • recovery plans based on recovery priorities.

Speak to us about your insurer’s role in incident response. Depending on your level of cover, the insurer may be able to mobilise an expert team to provide immediate assistance.

Additionally, establish clear breach notification processes to comply with legal and regulatory requirements. Use the right tools to detect security breaches or anomalies early and respond swiftly. This can help you avoid costly penalties and reputational damage.

4. Upgrade resilience investments

A strong cyber resilience plan begins with robust risk management tailored to your business needs. While cyber insurance is important, the best protection comes from clear business processes, policies, and a strong security culture embedded across your organisation. Marsh provides a range of solutions to help your business enhance risk management and lower the risk of cyber threats.

Investing in cyber resilience means prioritising the right controls, training, and technology. Regular staff training raises awareness of cyber risks and teaches employees how to spot and respond to threats like phishing emails.

Make sure your investments align with your cyber insurance coverage to maximise value. For example, some policies may require certain security measures to be in place to qualify for coverage or to reduce premiums.

5. Enhance third-party risk management

Your cyber resilience is only as strong as your weakest link, and that often includes your (digital) supply chain and third-party partners. Extend your security requirements and monitoring to cover suppliers and contractors (both physical and digital), and any other external parties who have access to your systems or data.

Aligning third-party risk management practices with your overall cyber risk strategy helps reduce vulnerabilities and ensures that your entire ecosystem is prepared to withstand cyber threats.

Take action today

Cyber threats are evolving rapidly, but with the right approach, your business can remain aware of the cyber risk landscape and be prepared to deal with any impacts. Remember, cyber insurance also covers interruptions caused by non-criminal incidents.

Strengthen your cyber resilience by following these five recommended actions and integrating cyber insurance into your risk management strategy.

If you want to learn more about building a cyber resilience strategy and how cyber insurance can support this, contact our expert team today on 0330 8187 676 or provide your details and a member of our team will get in touch.

Sources

1. ncsc.gov.uk/cyberessentials/overview
2. digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act

John Kavanagh

Managing Director, Marsh Commercial