Marsh Company Cyber Security Posture
marsh.comWe help our clients and colleagues grow — and our communities thrive — by protecting and promoting Possibility. We seek better ways to manage risk and define more effective paths to the right outcome. We go beyond risk to rewards for our clients, our company, our colleagues, and the communities in which we serve. Marsh, a business of Marsh McLennan (NYSE: MMC), is the world’s top insurance broker and risk advisor. Marsh McLennan is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $23 billion and more than 85,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective.
Marsh Company Details
marsh
27488 employees
682847.0
524
Insurance
marsh.com
Scan still pending
MAR_2817045
In-progress
Marsh Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Marsh Global Score.png)
Marsh Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Marsh Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Marsh & McLennan Companies, Inc. | Breach | 60 | 3 | 6/2013 | MAR307072525 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The California Office of the Attorney General reported a data breach involving Kroll Background Screening Services, a subsidiary of Marsh & McLennan Companies, Inc. The breach occurred between June 2013 and September 2013, resulting in unauthorized access to personal information, including names and Social Security Numbers. The breach notification was reported on November 26, 2013. | |||||||
| Marsh McLennan | Breach | 85 | 4 | 4/2021 | MAR919072625 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The Washington State Office of the Attorney General reported that Marsh McLennan experienced a cyberattack involving unauthorized access to personal information on April 22, 2021, which was discovered on April 26, 2021. The breach potentially affected 2,550 Washington residents, with compromised information including names, Social Security numbers, driver's license numbers, and health insurance information. Notifications to affected individuals began on June 30, 2021. | |||||||
| Marsh McLennan | Data Leak | 50 | 2 | 04/2021 | MAR18242223 | Link | |
Rankiteo Explanation : Attack limited on finance or reputationDescription: Marsh & McLennan Cos. Inc. was hit by a data breach in April involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage. Marsh McLennan notified that the breach involved a limited set of data and it reset system access rights and imposed additional restrictions. The information involved included names, Social Security numbers or other federal tax identification numbers. The company offered complimentary credit monitoring for two years, identity theft detection and resolution services and up to $1 million in identity theft insurance coverage. | |||||||
Marsh Company Subsidiaries
We help our clients and colleagues grow — and our communities thrive — by protecting and promoting Possibility. We seek better ways to manage risk and define more effective paths to the right outcome. We go beyond risk to rewards for our clients, our company, our colleagues, and the communities in which we serve. Marsh, a business of Marsh McLennan (NYSE: MMC), is the world’s top insurance broker and risk advisor. Marsh McLennan is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $23 billion and more than 85,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective.
Access Data Using Our API
Get company history
Rapid.png)
Marsh Cyber Security News
Why the cybersecurity gap between SMEs and large organisations matters
Discover the cyber resilience gap among SMEs, mid-cap, and large organisations in our report that includes the Federation of European Risk ...
Marsh highlights cybersecurity gap between SMEs and large organisations in the EU
According to Marsh, large organisations have been more effective at implementing cybersecurity controls than SMEs. Large organisations scored an ...
Marsh launches cybersecurity compliance program
The program aims to simplify the compliance process and offer enhanced cyber insurance coverage through participating insurers for those meeting ...
Marsh launches DOD cybersecurity certification program
Marsh said Wednesday it has launched its Cybersecurity Maturity Model Certification Program to help organizations that contract with the ...
Fundamental considerations for building cyber risk resilience
Cyber risk remains real and ever-present, providing an opportunity to implement key measures that can make a material difference in your ...
Marsh launches US DOD cybersecurity certification tool
Marsh has launched its Cybersecurity Maturity Model Certification (CMMC) programme to help organisations that contract with the US Department of ...
Inclusivity in Business honoree: Carmen Marsh, United Cybersecurity Alliance
United Cybersecurity Alliance CEO Carmen Marsh is among the honorees for this year's Inclusivity in Business Awards.
Third-party cyber risks impact all organizations
73% of organizations have experienced significant disruption caused by a third party, whether it be a data breach or ethical violation.
Marsh launches cyber insurance facility
Marsh, the global insurance broker and risk advisor, has launched a new cyber insurance facility aimed at organisations in the European Union, ...
Marsh Similar Companies
Swiss Re
The Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer. Dealing direct and working through brokers, its global client base consists of insurance companies, mid-to-large-sized corporations and public sector clients. From standard
Tokio Marine Group
Tokio Marine Group is a global insurance group that provides safety and security to customers worldwide. The Group consists of Tokio Marine Holdings and over 250 subsidiaries and 26 affiliates located in more than 480 cities in 46 countries and regions worldwide, operating extensively in the non-li
AJB Bumiputera 1912
AJB Bumiputera 1912 adalah perusahaan asuransi terkemuka di Indonesia dan membantu masyarakat Indonesia mewujudkan impian mereka melalui produk dan pelayanan finansial. Didirikan seabad yang lalu untuk memenuhi kebutuhan spesifik masyarakat Indonesia, AJB Bumiputera 1912 telah berkembang untuk me
QBE Insurance
QBE is an international insurer and reinsurer listed on the Australian Securities Exchange and headquartered in Sydney. We employ over 13,000 people in 26 countries. Leveraging our deep expertise and insights, QBE offers commercial, personal and specialty products and risk management solutions to h
State Farm Agent
At State Farm®, our mission is to help people manage the risks of everyday life, recover from the unexpected, and realize their dreams. A career as a State Farm® agent offers an incredible opportunity for motivated people to align themselves with a company that has earned the respect of its custome
AAA-The Auto Club Group
AAA - The Auto Club Group (ACG) is the second largest AAA club in North America, serving more than 13+ million members across 14 U.S. states, the province of Quebec, Puerto Rico, and the U.S. Virgin Islands. For over 100 years, AAA has provided safety, security, and peace of mind. ACG advances AAA’
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Marsh CyberSecurity History Information
How many cyber incidents has Marsh faced?
Total Incidents: According to Rankiteo, Marsh has faced 3 incidents in the past.
What types of cybersecurity incidents have occurred at Marsh?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Breach.
How does Marsh detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with reset system access rights, imposed additional restrictions.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Marsh McLennan Data Breach
Description: Unauthorized access to personal information including names, Social Security numbers, driver's license numbers, and health insurance information.
Date Detected: 2021-04-26
Date Publicly Disclosed: 2021-06-30
Type: Data Breach
Attack Vector: Unauthorized Access
Incident : Data Breach
Title: Marsh & McLennan Companies, Inc. Data Breach
Description: Unauthorized access to personal information, including names and Social Security Numbers, through Kroll Background Screening Services.
Date Detected: 2013-09
Date Publicly Disclosed: 2013-11-26
Type: Data Breach
Attack Vector: Unauthorized Access
Incident : Data Breach
Title: Marsh & McLennan Data Breach
Description: Marsh & McLennan Cos. Inc. was hit by a data breach in April involving access to Social Security numbers and other personal information of staff, former staff, clients, and a range of other people linked to the brokerage.
Date Detected: April 2023
Type: Data Breach
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach MAR919072625
Data Compromised: names, Social Security numbers, driver's license numbers, health insurance information
Incident : Data Breach MAR307072525
Data Compromised: Names, Social Security Numbers
Incident : Data Breach MAR18242223
Data Compromised: Social Security numbers, Federal tax identification numbers, Names
Identity Theft Risk: True
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are names, Social Security numbers, driver's license numbers, health insurance information, Names, Social Security Numbers, Social Security numbers, Federal tax identification numbers and Names.
Which entities were affected by each incident?
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach MAR18242223
Containment Measures: Reset system access rights, Imposed additional restrictions
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach MAR919072625
Type of Data Compromised: names, Social Security numbers, driver's license numbers, health insurance information
Number of Records Exposed: 2550
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach MAR307072525
Type of Data Compromised: Names, Social Security Numbers
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach MAR18242223
Type of Data Compromised: Social Security numbers, Federal tax identification numbers, Names
Sensitivity of Data: High
Personally Identifiable Information: True
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by reset system access rights and imposed additional restrictions.
References
Where can I find more information about each incident?
Incident : Data Breach MAR919072625
Source: Washington State Office of the Attorney General
Incident : Data Breach MAR307072525
Source: California Office of the Attorney General
Date Accessed: 2013-11-26
Incident : Data Breach MAR18242223
Source: Marsh & McLennan Cos. Inc.
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2013-11-26, and Source: Marsh & McLennan Cos. Inc..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident?
Incident : Data Breach MAR18242223
Customer Advisories: Complimentary credit monitoring for two years, Identity theft detection and resolution services, Up to $1 million in identity theft insurance coverage
What advisories does the company provide to stakeholders and customers following an incident?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Complimentary credit monitoring for two years, Identity theft detection and resolution services and Up to $1 million in identity theft insurance coverage.
Additional Questions
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2021-04-26.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-06-30.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, driver's license numbers, health insurance information, Names, Social Security Numbers, Social Security numbers, Federal tax identification numbers and Names.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Reset system access rights and Imposed additional restrictions.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were names, Social Security numbers, driver's license numbers, health insurance information, Names, Social Security Numbers, Social Security numbers, Federal tax identification numbers and Names.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 255.0.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident are Washington State Office of the Attorney General, California Office of the Attorney General and Marsh & McLennan Cos. Inc..
Stakeholder and Customer Advisories
What was the most recent customer advisory issued?
Most Recent Customer Advisory: The most recent customer advisory issued were an Complimentary credit monitoring for two years, Identity theft detection and resolution services and Up to $1 million in identity theft insurance coverage.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
