Bridging the C-suite: Perspectives from Aon’s CSO
Cyber incidents can impact every area of a business. Dismantling the silos across the C-suite is essential if an organization is to increase their odds in winning the cyber battle. Because security and technology are discussed at boardroom level, the link between executive leadership and the CSO must be strong.
Ransomware Attacks are Up: 8 Steps to Build Better Resilience
After more than a year of declining ransomware frequency, attacks increased in early 2023. Underwriting security controls and assessments have helped mitigate attacks, but better resilience is still needed. These eight steps can help build that resilience.
Europe, the Middle East and Africa: Forward Movement Demonstrates Shifting Mindset
EMEA companies focused on improving data security and safeguarding organizational data in 2022, partly driven by the Ukraine-Russia conflict.
Asia-Pacific: Shifting Threat Landscape
For the first time, cyber earns a place in Asia Pacific’s top five list of business risk rankings. Companies report improvement in cyber maturity levels with a focus on governance, data protection and supply chain controls
North America: Cyber Resiliency Improving — But with Room to Grow
Organizations across North America have recorded broad improvements in critical areas of cyber resiliency. However, there are opportunities for improvement in key areas such as backup strategy and MFA — particularly for small and medium-sized companies.
Latin America: Three Crucial At-Risk Control Areas
Latin American companies' overall cyber maturity is close to those in EMEA and the UK, yet three significant gaps surfaced: third-party management, business resilience and application security.
UK: Shifting Threat Landscape
Being aware of a risk does not mean that you’re ready. Overall cyber risk maturity for UK organizations marginally declined between 2020 and 2022 with some security domains faring exceptionally well while others slipped back.
How Cyber Risk Touches Nearly all Aspects of Business Risk
Increased underwriting rigor in the cyber and E&O insurance market helped drive growth in cyber risk maturity across industries and revenue bands in 2022.
Cyber Insider Threats are a Growing Business Risk
Malicious actors know that humans are fallible. In 2022, two in five companies reported a lack of security operations center (SOC) controls, intensifying insider risk.
Take These Steps to Mitigate Operational Risks
Insurance carriers prioritized controls related to operational risk in 2022, and clients responded. While ransomware data breaches dipped down for short period, there was an uptick in Q1 2023 and phishing and spear phishing schemes present great risk.
Build a Plan to Address the Perils of Reputational Risk
Cyber attacks can be damaging to shareholder value. But not all companies lose value because of an attack. Research revealed 17 companies that realized an average value impact, over and above the market, of +18 percent post-event, or a total value impact of $445bn following an incident.
Cyber Attacks on Supply Chains Are Causing a Widespread Impact
Cyber threats add a layer of complexity to supply chain risk. Third-party risk management, central to protecting the organization, received the lowest CyQu score of all nine scored domains.
Steps to Minimize Cyber’s Impact on Systemic Risk
The task of managing systemic risk has catapulted to the top of the priority list for the insurance industry as significant cyber events rang the alarm bell that systemic risk is considerable, and can cause widespread impact.
Actions to Improve Cyber Resilience in Finance and Insurance Sector
Backup security continues to be an area of vulnerability for the sector, and U.S. companies reported deficiencies in almost 40 percent of the critical IT controls. This domain needs to be an area of focus in 2023.
Healthcare Cyber Profile Improved, but Resilience Work Remains
No other sector must make security decisions that could impact the safety and wellbeing of patients like the healthcare sector. Mid-market and enterprise and global healthcare clients reported improved cyber risk profiles with the majority moving from “basic” to “managed”.
How Smart Manufacturing is Intensifying Business Risk
Manufacturers enjoyed steady improvement in their overall cyber risk profile between 2020 and 2022. But resilience is still a work in progress, with U.S. manufacturers especially lacking significant business resilience IT controls.
How Aon’s Cyber Quotient Evaluation (CyQu) platform and our data and analytics can support cyber insurance submissions.
Cyber resilience is a journey. This article explains how CyQu has been redesigned to streamline the complex process of gathering underwriting information year over year. By aligning a market of insurers around a single information intake process, CyQu encourages greater efficiency and collaboration.
Behind the Data: Research Methodology
2023 Cyber Resilience Report is based on proprietary client data collected from Aon’s Cyber Quotient...