Are you just avoiding a breach? Or are you prepared for one?
Dan Bowden is the Global CISO at Marsh - the world's largest insurance broker - where he protects 90,000+ employees across 130+ countries while simultaneously seeing how organizations are evaluated after cyber incidents. In this episode, Dan breaks down how regulation, insurance, matt chapman and real breach data are changing the standard for what "prepared" actually means in 2026.
Dan Bowden is a seasoned security john bartholomew cpd leader with a background spanning military, healthcare, and banking before joining Marsh as joint Global CISO.
Key takeaways:
- Why the gap between governance documentation and crisis culture is where most organizations fail
- How to properly engage your cyber insurance broker as a consultative security partner, not a checkbox
- What Marsh's breach data actually shows about insured companies being targeted (spoiler: the myth is busted)
- Why MFA in 2026 should be baseline - and what carriers are asking about next
- How regulatory frameworks bolton news like NYDFS are shifting from descriptive to prescriptive requirements
Guest: Dan Bowden, Global CISO, Marsh
LinkedIn: linkedin.com/in/danbowden
Chapters
0:00 Dan Bowden: Cybersecurity Is Not “Best Effort”
1:10 What a Global CISO Sees That Others Don’t
3:50 Why Companies Call Their Broker First During an Incident
5:03 What Real Incident Data Actually Teaches You
7:04 Rethinking Risk: Frequency vs Catastrophic Events
10:12 Why Cyber Risk Is Still Measured Wrong
11:39 Stop Letting the News Drive Your Security Strategy
14:32 Where Incident Response Actually Breaks Down
15:00 Governance vs Culture - What Really Happens in Crisis
18:03 How to Test Leadership Under Pressure
19:32 What Most Companies Get Wrong About Cyber Insurance
23:12 Cyber Insurance Is Bigger Than “Cyber”
24:11 Why Most Broker Relationships Fail
25:52 How Insurance Decisions Actually Get Made
27:53 Identity Is the Root of Most Attacks
29:46 MFA Is the Baseline - But Not the End
33:27 How Regulation Is Reshaping Security
37:52 Myth: Insurance Makes You a Target
41:31 The Future: Custom Cyber Insurance Models
