Marsh launches cybersecurity compliance program

Marsh, an insurance broker and risk advisor under Marsh McLennan, has introduced a program designed to support organizations contracting with the Department of Defense (DoD) in meeting forthcoming Cybersecurity Maturity Model Certification (CMMC) standards.

The program aims to simplify the compliance process and offer enhanced cyber insurance coverage through participating insurers for those meeting the requirements.

Read more: CYE warns of wide cyber insurance coverage gap

The CMMC rule, set to take effect in late 2024, will appear in select DoD contracts and solicitations by early to mid-2025. It establishes requirements for safeguarding sensitive unclassified information shared within the defense industrial base, which includes over 100,000 contractors and subcontractors. These organizations face increasingly sophisticated cyberattacks.

The rule mandates implementing up to 110 cybersecurity controls over three years, based on the sensitivity and type of information handled. Adherence to CMMC standards will be mandatory for securing DoD contracts.

To facilitate compliance, Marsh developed its Cybersecurity Maturity Model Certification Program in collaboration with select vendors and insurers focused on CMMC.

This program, integrated with Marsh’s Cybersecurity Marketplace Services, allows contractors to identify and compare cybersecurity tools and services that align with CMMC requirements.

Participants can access CMMC-focused consultants and assessors at reduced rates, streamlining the path to certification. Upon achieving compliance, organizations may qualify for improved cyber insurance terms and conditions from participating insurers.

Meredith Schnur, cyber practice leader for the US and Canada at Marsh, said that navigating the evolving cybersecurity landscape necessitates tailored solutions.

 “Marsh’s Cybersecurity Maturity Model Certification Program uniquely addresses the needs of defense contractors by helping them navigate the vast cybersecurity and CMMC vendor marketplace and make informed decisions based on their specific needs and budgets," said Schnur.

The program not only eases the process of meeting CMMC requirements but also improves cyber preparedness, providing contractors with broader insurance coverage and stronger overall resilience.

How might these new standards affect your organization’s approach to risk management? Share your thoughts in the comments.