aoncyber2023.unitedus.site Open in urlscan Pro
77.72.7.232  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Skip to content

2023 Cyber Resilience Report | Navigating the path towards Cyber and Business
Resilience.
 * Talk to Our Team
 * Languages 
   * English
   * Español (LATAM)
   * Nederlands
   * Français (Canadien)
   * Português (LATAM)
   * Italiano
   * Español (España)
   * Français
   * Deutsch

 * Talk to Our Team
 * Languages 
   * English
   * Español (LATAM)
   * Nederlands
   * Français (Canadien)
   * Português (LATAM)
   * Italiano
   * Español (España)
   * Français
   * Deutsch

 * 
 * 
 * 
 * 

Navigating the path towards Cyber and Business Resilience.


2023 CYBER RESILIENCE REPORT

Companies of all sizes will find this report to be a resource and tool to help
inform Cyber risk decision-making in 2023 and beyond. Cyber resilience is a
journey, best navigated in partnership and through teamwork.

Find out more




EXECUTIVE WELCOME

Companies are coming off a challenging four years marked by the rise in the
number and severity of cyber threats and ransomware attacks, followed by an
insurance market with rising premiums and retentions and significant
underwriting scrutiny. In working with clients, we observed that the C-suite
came to the stark realization that cyber events have the potential to impact all
areas of their business. Consequentially, achieving cyber resilience is a
recurring theme in board room discussions and the threat is finally being
considered from a holistic risk perspective.

Between 2020 and 2022, insurers reacted to the sheer enormity of cyber risk and
the need to ensure profitability.

Increased underwriting rigor was introduced in the cyber and E&O market
resulting in deeper scrutiny of security controls, more rigid guidelines, and
re-evaluation of cyber risk overall.1 Based on Aon client-reported data,
organizations responded to this increased rigor and began to focus more on
improving risk maturity in controls designated as critical, or red flags, by
insurers.

This year’s report is a guide for leaders to benchmark their organization’s risk
maturity against peer companies and to help make better decisions around
managing cyber across six featured risk themes: cyber, operational, supply
chain, insider, reputational, and systemic. Data collected globally, from over
2,000 Aon clients across regions, industries, and revenue bands from Aon’s Cyber
Quotient (CyQu), a global eSubmission and risk assessment platform, inform this
Report. Augmenting this CyQu data is input from Aon’s Ransomware Supplemental
Application and Operational Technology Supplemental providing expanded
visibility into security controls prioritized by insurance carriers.2 This
client input was then layered with cyber claims market intelligence and enriched
with commentary from Aon’s Cyber Advisory and Digital Forensics & Incident
Response teams, allowing us to provide a comprehensive examination of cyber
resilience and risk within this report. The CyQu data helps clarify the broad
understanding that the insurance marketplace is a crucial driver of the accepted
controls that drive accepted maturity in cyber security. Clients reported that
cyber maturity and readiness improved between 2020 and 2022, realizing a global
average shift from “basic” to “managed”cyber maturity. Companies, in general,
employed measures to strengthen security domains and controls deemed critical by
insurers, including an increased focus on access management and multi-factor
authentication (MFA) strategies. Correlated with this, we saw ransomware claims
decline by 32 percent, and overall cyber insurance claims frequency decline by
14 percent in 2022.3

In contrast, based on the data, organizations across all sectors struggled with
third-party risk management, for which no sector reported a “managed” profile.
While this result is not surprising, it tends to validate a rising theme within
the cyber industry that the risk introduced across a company’s supply chain is
complex, and the deepening interconnection across technology stacks
exponentially increases third-party risk. As a result of this heightened risk,
most recently illustrated in a delivery platform data breach, we expect that
many insurers will shift their focus to systemic and correlated risk exposure
and impact this year.

This preliminary data marks the tip of the insight delivered across this report.
Individual articles comprise this report. Sector analysis is delivered for the
finance and insurance, healthcare, and manufacturing industries, and regional
views will be published for North America, EMEA, the United Kingdom, Latin
America, and Asia Pacific.

Navigating the path towards achieving cyber and ultimately, business resilience,
is a significant challenge for any organization. Resilience is an essential
component to help minimize risk from a financial, operational and reputational
perspective. It demands a holistic view that connects proactive risk management,
response preparation, and risk transfer mechanisms. Risk transfer is a
fundamental component of resilience and not limited to traditional insurance
placement alone. Captives and alternative capital are viable options to be
considered for balance sheet protection. Whether you are steering a Fortune 100
company or leading a small to medium-sized entity facing similar risks, yet
feeling underserved by the marketplace, I hope this report is a resource and
tool to help inform your 2023 and beyond decision-making. Cyber resilience is a
journey, best navigated in partnership and through teamwork.







Christian E. Hoffman
Aon Global Cyber Leader

 

References

1 Aon | E&O and Cyber Market Review | Midyear 2022. Midyear 2021 Errors &
Omissions | Cyber Insurance Snapshot (aon.com) 

2 See the ‘Methodology‘ article within Aon’s 2023 Cyber Resilience Report

3 Source: Risk Based Security, analysis by Aon. Data as of 1/3/2023



JUMP TO SECTION

 1. CyQu Story
 2. Key Risk Themes
 3. Industries
 4. Regions
 5. Data Methodology

Read More Read Less

Our Cyber Resilience Journey


THE STORY BEHIND AON’S CYBER QUOTIENT EVALUATION (CYQU)

Cyber resilience is a journey. This article explains how CyQu has been
redesigned to streamline the complex process of gathering underwriting
information year over year. By aligning a market of insurers around a single
information intake process, CyQu encourages greater efficiency, data-informed
decisions, and collaboration.

Find out more


MANAGING CYBER ACROSS SIX FEATURED RISK THEMES.

This year’s report is a guide for leaders to benchmark their organization’s risk
maturity against peer companies and to help make better decisions around
managing cyber across six featured risk themes: cyber, operational, supply
chain, insider, reputational, and systemic.

HOW CYBER RISK TOUCHES NEARLY ALL ASPECTS OF BUSINESS RISK

Increased underwriting rigor in the cyber and E&O insurance market helped drive
growth in cyber risk maturity across industries and revenue bands in 2022.

Learn more

CYBER INSIDER THREATS ARE A GROWING BUSINESS RISK

Malicious actors know that humans are fallible. In 2022, two in five companies
reported a lack of security operations center (SOC) controls, intensifying
insider risk.

Learn more

TAKE THESE STEPS TO MITIGATE OPERATIONAL RISKS

Insurance carriers prioritized controls related to operational risk in 2022, and
clients responded. While ransomware data breaches dipped down for short period,
there was an uptick in Q1 2023 and phishing and spear phishing schemes present
great risk.

Learn more

BUILD A PLAN TO ADDRESS THE PERILS OF REPUTATIONAL RISK

Cyber attacks can be damaging to shareholder value. But not all companies lose
value because of an attack. Research revealed 17 companies that realized an
average value impact, over and above the market, of +18 percent post-event, or a
total value impact of $445bn following an incident.

Learn more

CYBER ATTACKS ON SUPPLY CHAINS ARE CAUSING A WIDESPREAD IMPACT

Cyber threats add a layer of complexity to supply chain risk. Third-party risk
management, central to protecting the organization, received the lowest CyQu
score of all nine scored domains.

Learn more

STEPS TO MINIMIZE CYBER’S IMPACT ON SYSTEMIC RISK

The task of managing systemic risk has catapulted to the top of the priority
list for the insurance industry as significant cyber events rang the alarm bell
that systemic risk is considerable, and can cause widespread impact.

Learn more
Previous Next



BUILDING CYBER RESILIENCE ACROSS INDUSTRIES.



Sectors often face a complex globally interconnected risk landscape and leaders
should make decisions that demand rapid analysis and execution.

Finance and Insurance

Backup security continues to be an area of vulnerability for the sector, and
U.S. companies reported deficiencies in almost 40 percent of the critical IT
controls. This domain needs to be an area of focus in 2023.

Learn More

Healthcare

No other sector must make security decisions that could impact the safety and
wellbeing of patients like the healthcare sector. Mid-market and enterprise and
global healthcare clients reported improved cyber risk profiles with the
majority moving from “basic” to “managed”.

Learn More

Manufacturing

Manufacturers enjoyed steady improvement in their overall cyber risk profile
between 2020 and 2022. But resilience is still a work in progress, with U.S.
manufacturers especially lacking significant business resilience IT controls.

Learn More


CYBER MATURITY BY REGION

Companies’ overall cyber maturity can differ per region. Learn more about the
gaps, challenges and opportunities, including suggested steps leaders can take
to build cyber and business resilience.

ASIA-PACIFIC: SHIFTING THREAT LANDSCAPE

For the first time, cyber earns a place in Asia Pacific’s top five list of
business risk rankings. Companies report improvement in cyber maturity levels
with a focus on governance, data protection and supply chain controls

Learn more

EUROPE, THE MIDDLE EAST AND AFRICA: FORWARD MOVEMENT DEMONSTRATES SHIFTING
MINDSET

EMEA companies focused on improving data security and safeguarding
organizational data in 2022, partly driven by the Ukraine-Russia conflict.

Learn more

LATIN AMERICA: THREE CRUCIAL AT-RISK CONTROL AREAS

Latin American companies' overall cyber maturity is close to those in EMEA and
the UK, yet three significant gaps surfaced: third-party management, business
resilience and application security.

Learn more

NORTH AMERICA: CYBER RESILIENCY IMPROVING — BUT WITH ROOM TO GROW

Organizations across North America have recorded broad improvements in critical
areas of cyber resiliency. However, there are opportunities for improvement in
key areas such as backup strategy and MFA — particularly for small and
medium-sized companies.

Learn more

UK: SHIFTING THREAT LANDSCAPE

Being aware of a risk does not mean that you’re ready. Overall cyber risk
maturity for UK organizations marginally declined between 2020 and 2022 with
some security domains faring exceptionally well while others slipped back.

Learn more
Previous Next


Aon’s CSO Viewpoint


BRIDGING THE C-SUITE: PERSPECTIVES FROM AON’S CSO

Cyber incidents can impact every area of a business. Dismantling the silos
across the C-suite is essential if an organization is to increase their odds in
winning the cyber battle. Because security and technology are discussed at
boardroom level, the link between executive leadership and the CSO must be
strong.

Find out more

 

Build Ransomware Resilience


RANSOMWARE ATTACKS ARE UP: 8 STEPS TO BUILD BETTER RESILIENCE

After more than a year of declining ransomware frequency, attacks increased in
early 2023. Underwriting security controls and assessments have helped mitigate
attacks, but better resilience is still needed. These eight steps can help build
that resilience.

Find out more

 



Data Methodology


BEHIND THE DATA: RESEARCH METHODOLOGY

2023 Cyber Resilience Report is based on proprietary client data collected from
Aon’s Cyber Quotient Evaluation (CyQu) and Aon’s Ransomware Supplemental
Application and Operational Technology Supplemental.

Find out more

 

Let’s Connect


TALK TO OUR TEAM

Contact our team today to learn more about how we can help your business.

Contact us

2023 Cyber Resilience Report | Navigating the path towards Cyber and Business
Resilience.

Subscribe to Aon Insights for weekly articles, reports and updates from our team
of expert advisors

Subscribe

Back to top

© 2024 Aon plc

 * Privacy Policy
 * Legal
 * Cookie Preferences
 * Site Map
 * Do Not Sell My Data (US ONLY)

 * 
 * 
 * 
 * 