www.aon.com
172.64.149.225  Public Scan

Submitted URL: https://app.response.aonunited.com/e/er?s=362693299&lid=42854&elqTrackId=D1ECF1A72F44DC604D4C6A6C0325C7A8&elq=64f805116fe8433b98cc3...
Effective URL: https://www.aon.com/2023-cyber-resilience-report?utm_source=eloqua&utm_medium=email&utm_campaign=b_0_ri__all_crs_em-...
Submission: On June 23 via api from OM — Scanned from CA

Form analysis 0 forms found in the DOM

Text Content


2023 Cyber Resilience Report | Navigating the path towards Cyber and Business
Resilience.
Navigating the path towards Cyber and Business Resilience.


2023 CYBER RESILIENCE REPORT

Companies of all sizes will find this report to be a resource and tool to help
inform Cyber risk decision-making in 2023 and beyond. Cyber resilience is a
journey, best navigated in partnership and through teamwork.





EXECUTIVE WELCOME

Companies are coming off a challenging four years marked by the rise in the
number and severity of cyber threats and ransomware attacks, followed by an
insurance market with rising premiums and retentions and significant
underwriting scrutiny. In working with clients, we observed that the C-suite
came to the stark realization that cyber events have the potential to impact all
areas of their business. Consequently, achieving cyber resilience is a
recurring theme in boardroom discussions and the threat is finally being
considered from a holistic risk perspective.

Between 2020 and 2022, insurers reacted to the sheer enormity of cyber risk and
the need to ensure profitability.

Increased underwriting rigor was introduced in the cyber and E&O market
resulting in deeper scrutiny of security controls, more rigid guidelines, and
re-evaluation of cyber risk overall.[1] Based on Aon client-reported data,
organizations responded to this increased rigor and began to focus more on
improving risk maturity in controls designated as critical, or red flags, by
insurers.

This year’s report is a guide for leaders to benchmark their organization’s risk
maturity against peer companies and to help make better decisions around
managing cyber across six featured risk themes: cyber, operational, supply
chain, insider, reputational, and systemic. Data collected globally, from over
2,000 Aon clients across regions, industries, and revenue bands from Aon’s Cyber
Quotient (CyQu), a global eSubmission and risk assessment platform, inform this
Report. Augmenting this CyQu data is input from Aon’s Ransomware Supplemental
Application and Operational Technology Supplemental providing expanded
visibility into security controls prioritized by insurance carriers.[2] This
client input was then layered with cyber claims market intelligence and enriched
with commentary from Aon’s Cyber Advisory and Digital Forensics & Incident
Response teams, allowing us to provide a comprehensive examination of cyber
resilience and risk within this report. The CyQu data helps clarify the broad
understanding that the insurance marketplace is a crucial driver of the accepted
controls that drive accepted maturity in cyber security. Clients reported that
cyber maturity and readiness improved between 2020 and 2022, realizing a global
average shift from “basic” to “managed” cyber maturity. Companies, in general,
employed measures to strengthen security domains and controls deemed critical by
insurers, including an increased focus on access management and multi-factor
authentication (MFA) strategies. Correlated with this, we saw ransomware claims
decline by 32 percent, and overall cyber insurance claims frequency decline by
14 percent in 2022.[3]

In contrast, based on the data, organizations across all sectors struggled with
third-party risk management, for which no sector reported a “managed” profile.
While this result is not surprising, it tends to validate a rising theme within
the cyber industry that the risk introduced across a company’s supply chain is
complex, and the deepening interconnection across technology stacks
exponentially increases third-party risk. As a result of this heightened risk,
most recently illustrated in a delivery platform data breach, we expect that
many insurers will shift their focus to systemic and correlated risk exposure
and impact this year.

This preliminary data marks the tip of the insight delivered across this report.
Individual articles comprise this report. Sector analysis is delivered for the
finance and insurance, healthcare, and manufacturing industries, and regional
views will be published for North America, EMEA, the United Kingdom, Latin
America, and Asia Pacific.

Navigating the path towards achieving cyber and ultimately, business resilience,
is a significant challenge for any organization. Resilience is an essential
component to help minimize risk from a financial, operational and reputational
perspective. It demands a holistic view that connects proactive risk management,
response preparation, and risk transfer mechanisms. Risk transfer is a
fundamental component of resilience and not limited to traditional insurance
placement alone. Captives and alternative capital are viable options to be
considered for balance sheet protection. Whether you are steering a Fortune 100
company or leading a small to medium-sized entity facing similar risks, yet
feeling underserved by the marketplace, I hope this report is a resource and
tool to help inform your 2023 and beyond decision-making. Cyber resilience is a
journey, best navigated in partnership and through teamwork.



Christian E. Hoffman
Aon Global Cyber Leader

 

References

[1] Aon | E&O and Cyber Market Review | Midyear 2022. Midyear 2021 Errors &
Omissions | Cyber Insurance Snapshot (aon.com)

[2] See the ‘Methodology’ article within Aon’s 2023 Cyber Resilience Report.

[3] Source: Risk Based Security, analysis by Aon. Data as of 1/3/2023.




Our Cyber Resilience Journey


THE STORY BEHIND AON’S CYBER QUOTIENT EVALUATION (CYQU)

Cyber resilience is a journey. This article explains how CyQu has been
redesigned to streamline the complex process of gathering underwriting
information year over year. By aligning a market of insurers around a single
information intake process, CyQu encourages greater efficiency, data-informed
decisions, and collaboration.



MANAGING CYBER ACROSS SIX FEATURED RISK THEMES.

This year’s report is a guide for leaders to benchmark their organization’s risk
maturity against peer companies and to help make better decisions around
managing cyber across six featured risk themes: cyber, operational, supply
chain, insider, reputational, and systemic.

HOW CYBER RISK TOUCHES NEARLY ALL ASPECTS OF BUSINESS RISK

Increased underwriting rigor in the cyber and E&O insurance market helped drive
growth in cyber risk maturity across industries and revenue bands in 2022.


CYBER INSIDER THREATS ARE A GROWING BUSINESS RISK

Malicious actors know that humans are fallible. In 2022, two in five companies
reported a lack of security operations center (SOC) controls, intensifying
insider risk.


TAKE THESE STEPS TO MITIGATE OPERATIONAL RISKS

Insurance carriers prioritized controls related to operational risk in 2022, and
clients responded. While ransomware data breaches dipped down for a short
period, there was an uptick in Q1 2023, and phishing and spear phishing schemes
present great risk.


BUILD A PLAN TO ADDRESS THE PERILS OF REPUTATIONAL RISK

Cyber attacks can be damaging to shareholder value. But not all companies lose
value because of an attack. Research revealed 17 companies that realized an
average value impact, over and above the market, of +18 percent post-event, or a
total value impact of $445bn following an incident.


CYBER ATTACKS ON SUPPLY CHAINS ARE CAUSING A WIDESPREAD IMPACT

Cyber threats add a layer of complexity to supply chain risk. Third-party risk
management, central to protecting the organization, received the lowest CyQu
score of all nine scored domains.


STEPS TO MINIMIZE CYBER’S IMPACT ON SYSTEMIC RISK

The task of managing systemic risk has catapulted to the top of the priority
list for the insurance industry as significant cyber events rang the alarm bell
that systemic risk is considerable, and can cause widespread impact.




BUILDING CYBER RESILIENCE ACROSS INDUSTRIES.



Sectors often face a complex globally interconnected risk landscape and leaders
should make decisions that demand rapid analysis and execution.

Finance and Insurance

Backup security continues to be an area of vulnerability for the sector, and
U.S. companies reported deficiencies in almost 40 percent of the critical IT
controls. This domain needs to be an area of focus in 2023.


Healthcare

No other sector must make security decisions that could impact the safety and
wellbeing of patients like the healthcare sector. Mid-market, enterprise and
global healthcare clients reported improved cyber risk profiles, with the
majority moving from “basic” to “managed”.


Manufacturing

Manufacturers enjoyed steady improvement in their overall cyber risk profile
between 2020 and 2022. But resilience is still a work in progress, with U.S.
manufacturers especially lacking significant business resilience IT controls.



CYBER MATURITY BY REGION

Companies’ overall cyber maturity can differ per region. Learn more about the
gaps, challenges and opportunities, including suggested steps leaders can take
to build cyber and business resilience.

ASIA-PACIFIC: SHIFTING THREAT LANDSCAPE

For the first time, cyber earns a place in Asia Pacific’s top five list of
business risk rankings. Companies report improvement in cyber maturity levels
with a focus on governance, data protection and supply chain controls.


EUROPE, THE MIDDLE EAST AND AFRICA: FORWARD MOVEMENT DEMONSTRATES SHIFTING
MINDSET

EMEA companies focused on improving data security and safeguarding
organizational data in 2022, partly driven by the Ukraine-Russia conflict.


LATIN AMERICA: THREE CRUCIAL AT-RISK CONTROL AREAS

Latin American companies' overall cyber maturity is close to those in EMEA and
the UK, yet three significant gaps surfaced: third-party management, business
resilience and application security.


NORTH AMERICA: CYBER RESILIENCY IMPROVING — BUT WITH ROOM TO GROW

Organizations across North America have recorded broad improvements in critical
areas of cyber resiliency. However, there are opportunities for improvement in
key areas such as backup strategy and MFA — particularly for small and
medium-sized companies.


UK: SHIFTING THREAT LANDSCAPE

Being aware of a risk does not mean that you’re ready. Overall cyber risk
maturity for UK organizations marginally declined between 2020 and 2022 with
some security domains faring exceptionally well while others slipped back.



Aon’s CSO Viewpoint


BRIDGING THE C-SUITE: PERSPECTIVES FROM AON’S CSO

Cyber incidents can impact every area of a business. Dismantling the silos
across the C-suite is essential if an organization is to increase its odds of
winning the cyber battle. Because security and technology are discussed at
boardroom level, the link between executive leadership and the CSO must be
strong.


 

Build Ransomware Resilience


RANSOMWARE ATTACKS ARE UP: 8 STEPS TO BUILD BETTER RESILIENCE

After more than a year of declining ransomware frequency, attacks increased in
early 2023. Underwriting security controls and assessments have helped mitigate
attacks, but better resilience is still needed. These eight steps can help build
that resilience.


 



Data Methodology


BEHIND THE DATA: RESEARCH METHODOLOGY

The 2023 Cyber Resilience Report is based on proprietary client data collected from
Aon’s Cyber Quotient Evaluation (CyQu) and Aon’s Ransomware Supplemental
Application and Operational Technology Supplemental.


 


© 2024 Aon plc
