More Like This
-
Capability Overview
Cyber Resilience
-
Article
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside
September 28, 2023 13 mins
Escalating Cyber Security Risks Mean Businesses Need to Build Resilience
As cyber threats continue to increase it is vital that businesses build ongoing operational cyber resilience to help assess, mitigate and transfer risk, and recover should an attack occur.
Key Takeaways
-
Threat actors continue to develop cyber threats that are more sophisticated and often a challenge for businesses of all sizes.
-
Cyber security is no longer a one-off, point-in-time exercise. Businesses need a model that continuously evaluates their cyber posture.
-
Cyber resilience can be achieved through actions that include linear thinking that assesses, mitigates and transfers risk and then pre-planning to be ready for when things go wrong.
Technology touches nearly every aspect of business. As new threats continue to emerge and threat actors grow in sophistication, mitigating cyber risk and building cyber resilience are ongoing challenges for businesses of all sizes. During Cyber Security Awareness Month Aon will be highlighting four key elements within the cyber resilience journey – assess, mitigate, transfer and recover.
Global Cyber Leader Christian Hoffman and Cyber Chief Trust Officer Kate Kuehn begin the month by looking at how organizations can work to build strong cyber security practices — which can help build overall operational cyber resilience:
-
As we move into Cyber Security Awareness Month how can businesses stay ahead of growing cyber threats and build the right resilience model?
Christian Hoffman: Cyber risk is business risk, first and foremost – therefore it is essential for risk buyers and chief information security officers (CISOs) to have a solid relationship with their boards and the C-suite and understand how their company’s business initiatives tie back to cyber security.
That said, cyber security is no longer simply a point-in-time exercise —businesses need a model that reevaluates their cyber posture on a continuous basis.
That’s because cyber evolves quickly, often faster than other risk exposures a business faces. Threat actors continue to enhance their tactics and businesses are encouraged to create a resilient structure for the best possible defense, and then continuously reevaluate it.
Kate Kuehn: Let’s take the ransomware threat as an example. After five quarters of declining frequency in late 2021 and 2022, ransomware attacks rebounded in the first six months of 2023 with a 176 percent frequency increase, according to Aon data. We’re seeing many circumstances that may have caused that lull, but the risk was always present, and threat actors continue to figure out new attack methods. It was critical that businesses didn’t think that the risk was mitigated because it is back.
Artificial intelligence is also being used to automate attacks, scan surfaces, and generate realistic-looking phishing content. AI has helped threat actors innovate and develop new attack strategies, enabling many of them to stay a step ahead of cyber defense strategies.
-
Building cyber resilience is a constant process. How should risk managers and CISOs use that thinking when building their cyber security program?
Kate: You’re right that the journey does not end. The cyber resilience journey has a financial component from a risk transfer perspective, a technical component, a human component and there is also a compliance or regulatory component. You must consider all four when looking at the journey holistically and realize that, given the non-static nature of business, there will never be a beginning and end to resilience.
Resilience can be achieved through actions that include linear thinking – starting with assessing and identifying where risk lives within your organization and its cyber impact. And then taking proactive steps to mitigate that risk. That’s where leveraging brokers and security controls to understand what a mature security posture can look like helps you go from assessing and identifying risk to actually creating risk transfer solutions like cyber insurance. And then making sure you have a holistic program in place and also pre-planning to be ready for when things go wrong.
Christian: Cyber resilience also needs to be looked at from a holistic view of compliance, and whether you are doing the things to help ensure that your organization is not only cyber mature but also aware of regulatory and external pressures and artificial intelligence and how they're going to be impacting both opportunities for digital disruption within your industry and from a cyber perspective.
From a risk transfer perspective, applying scenario-based financial modeling and applying that to building an insurance program that is bespoke to a particular organization, including the risks it has, the industry it is in, and the challenges it faces. Then ultimately, you’re using all that information to build an informed risk program, including transfer, retention, captives, etc.
-
Throughout Cyber Security Awareness Month we will provide deeper dives into the four points of the cyber resilience journey. Can we get your take on each point here?
Christian: Sure, and it is important to note that organizations may start at any of the four points depending on where they are in their current cyber security journey:
- Assess: Throughout an assessment, data and insights are collected and examined to understand how security controls directly impact balance sheet exposure. An assessment can then help you make strategic decisions on what risk to avoid, mitigate or transfer in the context of an organization’s mission, culture and risk appetite.
- Mitigate: A gap often exists between understanding the technical risk of an identified vulnerability and the related financial exposure. A cyclical approach to risk mitigation can bridge this gap, enabling organizations to make risk-informed decisions and implement changes (or fixes) that can enhance security maturity and help maximize return on security investment.
- Transfer: Genuine risk transfer and risk acceptance that safeguards the balance sheet is a cyclical, objective exercise that engages stakeholders from across the organization. Quantifying maximum probable cyber losses enables senior stakeholders to understand the magnitude of potential losses and what those losses might constitute. Armed with this knowledge, businesses can make decisions around risk-bearing appetite and the levels of risk transfer.
- Recover: While a cyber attack itself might be short-lived, its impact can last much longer, and the road to recovery is often complex. Advance preparation is key to enable a business to activate a response quickly and successfully. A full recovery needs to quantify the impact and manage third-party and insurance claims to help ensure maximum recovery of costs and get to a goal of a cashflow-neutral position. Immediate response, containment and investigation need to be combined with assessing operational and financial impact, presenting insurable losses to advance the claims process, and supporting third-party and regulatory claims − all measured and aligned to business objectives.
-
Let’s also get your perspective on the human aspect of cyber defense.
Kate: People remain the easiest target and also the best defense in cyber security. We are all too often the simplest way for an attacker to gain access to systems and networks, but we are also the first line of defense in identifying suspicious activity that can lead to a breach. As a result, cyber security first and foremost has always been about people, and that is even more important now that we are in an extended hybrid work environment.
Nearly half of all compromises are due to human error; employees clicking on a link in a phishing email, reacting to a business email compromise message that falsely comes from an executive, and more. Training and creating a culture around cyber preparedness is incredibly important. HR leaders should be brought onboard to reinforce the importance of periodic training, and support frequent, clear communications.
Christian: A key component of cyber defense is to create a top-down culture of compliance throughout the organization, inclusive of cyber security, working across all human resources specialties including onboarding, learning and development and change management. Every person in an organization must have an awareness and understanding of the role they play in the company -- cyber culture is often one of the best lines of defense for an organization.
Make sure it is known that the organization takes security seriously and has a zero-tolerance policy on breaches of compliance and security protocols. Cyber security is about protecting the greater good. The end goal is to build a resiliency model where people approach cyber security in their everyday lives – both personally and in the business.
-
AI is changing cyber security for threat actors and defenders. What can businesses be doing to help counter that?
Kate: The reality is that artificial intelligence has been around for more than 50 years, and the opportunities we see to enhance digital innovation and digital disruption are now being realized across many organizations, though many have been in production for over a decade. Whether it's helping prevent data leaks, make decisions, or supporting things like precision agriculture, autonomous vehicles, or helping relieve traffic congestion, AI is here to stay. And we're seeing a major shift in how we're leveraging AI from traditional machine learning to rapid advancements around generative AI and Natural Language Processing.
However, as we continue to innovate with all types of AI, so do the threat actors. They are leveraging it as well to look for vulnerabilities and exploitations in code, to automate attacks, generate authentic-looking phishing content, to break passwords more quickly, and more. There are two sides to the coin.
If companies don't start adopting more holistic methodologies around AI and how they approach looking at opportunities and risks from a cyber perspective, they may find they're going to miss the boat because many of our adversaries already are there.
Christian: It’s important that we demystify AI and teach people about its evolving human threats to us. Meaning, we must understand how AI impacts human psychology and exploits human behavior, which in turn further can heighten the security risk.
That’s why teaching people – professionally and personally – to think about resiliency and the steps that must be taken is so key. Every time someone sits behind a computer they should be thinking about cyber resilience as a way of life.
As AI continues to become more mainstream, I also want to stress the importance of establishing business governance practice with the policies, procedures and controls to help ensure that AI models are developed in compliance with regulatory and ethical standards.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
-
Podcast 34 mins
On Aon’s Better Being Series: The World Wellbeing Movement -
Podcast 29 mins
On Aon’s Better Being Series: Mental Health and Creating Kinder Cultures -
Podcast 28 mins
On Aon’s Better Being Series: Managing Loss and Grief -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Podcast 24 mins
On Aon’s Better Being Series: Human Sustainability
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
-
Cyber Labs 16 mins
Detecting “Effluence”, An Unauthenticated Confluence Web Shell -
Cyber Labs 10 mins
Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing -
Article 14 mins
From Risk to Reward: Turning Data Breaches into Deal Value -
Article 14 mins
To Combat Cyber Risk, Businesses Invest in Resilience -
Article 12 mins
For Cyber Readiness, the CISO and CRO Join Forces -
Article 19 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally -
Article 38 mins
Buyer-Friendly Cyber and E&O Market: How to Take Advantage -
Article 8 mins
Managing Cyber Risk through Return on Security Investment -
Article 27 mins
Top 5 Cyber Threats To Mergers and Acquisitions -
Article 15 mins
Cyber Attacks: How to Rapidly Detect, Respond and Contain Damage -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
-
Article 24 mins
Why Now is the Right Time to Customize Cyber and E&O Contracts -
Article 9 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks -
Article 19 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally -
Article 8 mins
Managing Cyber Risk through Return on Security Investment -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 13 mins
Escalating Cyber Security Risks Mean Businesses Need to Build Resilience
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
-
Article 16 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work -
Article 14 mins
Making Wellbeing Part of a Company’s DNA -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Article 10 mins
Why Workforce Wellbeing is Vital to Company Performance -
Article 9 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
-
Article 9 mins
ESG Data: How Businesses Can Use Data to Gain an Edge -
Article 12 mins
Why ESG Is Even More Important In A Crisis Like COVID-19 -
Podcast 19 mins
On Aon Podcast: Approach to DE&I in the Workplace
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
-
Article 20 mins
Q4 2023: Global Insurance Market Overview -
Article 19 mins
Top Risk Trends to Watch in 2024 -
Article 11 mins
Generative AI: Emerging Risks and Insurance Market Trends
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
-
Article 22 mins
Top Risks Facing Organizations in Asia Pacific -
Article 21 mins
Top Risks Facing Organizations in North America -
Article 18 mins
Top Risks Facing Organizations in Europe -
Article 19 mins
Top Risks Facing Organizations in Latin America -
Article 18 mins
Top Risks Facing Organizations in the Middle East and Africa -
Article 21 mins
Top Risks Facing Organizations in the United Kingdom
Human Capital Analytics
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
-
Article 29 mins
How Technology Will Transform Employee Benefits in the Next Five Years -
Podcast 20 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits -
Article 20 mins
Integrating Workforce Data to Uncover Hidden Insights -
Article 30 mins
How Employers Can Use Data to Improve Their Health Plans -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Article 15 mins
Designing Tomorrow: Personalizing EVP, Benefits and Total Rewards -
Article 12 mins
How to Balance Cost with Growth in a Shifting Talent Market -
Article 13 mins
How Companies are Mitigating Rising Medical Costs -
Article 13 mins
How Data and Analytics Can Optimize HR Programs
Insights for HR
Explore our hand-picked insights for human resources professionals.
-
Article 9 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing -
Article 11 mins
DE&I in Benefits Plans: A Global Perspective -
Article 13 mins
How Data and Analytics Can Optimize HR Programs -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 10 mins
Case Study: The LPGA Unlocks Talent Potential with Data -
Article 16 mins
Navigating the New EU Directive on Pay Transparency -
Article 14 mins
How to Design Better Talent Assessment to Promote DE&I -
Article 8 mins
Training and Transforming Managers for the Future of Work -
Article 10 mins
Rethinking Your Total Rewards Programs During Mergers and Acquisitions -
Article 21 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
Workforce
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
-
Article 16 mins
Driving Inclusion and Diversity with Employee Benefits -
Article 24 mins
Five Big Human Resources Trends to Watch in 2024 -
Article 13 mins
How Companies are Mitigating Rising Medical Costs -
Report 2 mins
The Global Medical Trend Rates Report 2024 -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Article 16 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Article 28 mins
Advancing Women’s Health and Equity Through Benefits and Support -
Podcast 20 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits -
Article 12 mins
How Collective Retirement Plans Help Support Financial Sustainability -
Article 15 mins
Four Ways Retirement Plans Can Reduce the Gender Savings Gap -
Article 24 mins
Understanding and Preparing for the Rise in Pay Transparency
Mergers and Acquisitions
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
-
Article 21 mins
Exit Strategy Value Creation Opportunities Exist as Economic Pressures Persist -
Article 10 mins
Future Trends for Financial Sponsors: Secondary Transactions -
Article 16 mins
ESG Factors are Carrying Increasing Importance in Mergers and Acquisitions Dealmaking -
Article 24 mins
3 Ways to Unlock M&A Value in a Challenging Credit Environment -
Article 14 mins
An Ever-Complex Global Tax Environment Requires Strong M&A Risk Solutions -
Article 8 mins
Project Management for HR: The Secret Behind a Successful M&A Deal -
Article 18 mins
Cultural Alignment Planning Drives M&A Success -
Article 14 mins
From Risk to Reward: Turning Data Breaches into Deal Value
Navigating Volatility
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Parametric Insurance
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
-
Article 21 mins
Why Parametric Solutions Should Be Part of Your Next Renewal Conversation -
Article 13 mins
Parametric Insurance: A Complement to Traditional Property Coverage -
Article 14 mins
Using Parametric Insurance to Match Capital to Climate Risk -
Article 10 mins
Using Parametric Insurance to Close the Earthquake Protection Gap -
Article 21 mins
How Technology Enhancements are Boosting Parametric
Property Risk Management
Our Property Risk Management collection gives you access to the latest insights from Aon's thought leaders to help organizations make better decisions. Explore our latest insights to learn how your organization can benefit from property risk management.
-
Article 18 mins
Navigating the Challenges of the Year-End Property Market -
Article 10 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market -
Podcast 19 mins
On Aon Podcast: Navigating and Preparing for Catastrophes -
Article 13 mins
Parametric Insurance: A Complement to Traditional Property Coverage -
Article 12 mins
Navigating Climate Risk Using Multiple Models and Data Sets -
Article 9 mins
Rising Losses From Severe Convection Storms Mostly Explained by Exposure Growth -
Article 21 mins
Why Parametric Solutions Should Be Part of Your Next Renewal Conversation -
Article 10 mins
Using Parametric Insurance to Close the Earthquake Protection Gap
Technology
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
-
Article 20 mins
5 Ways Artificial Intelligence can Boost Claims Management -
Article 8 mins
Artificial Intelligence and the Next Frontier for Financial Institutions -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside -
Article 9 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks -
Article 18 mins
Overcoming the Reputational Cost of Cyber Attacks: The 10-Day Plan -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 15 mins
How to Futureproof Data and Analytics Capabilities for Reinsurers
Top 10 Global Risks
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
-
Article 14 mins
Cyber Attack or Data Breach -
Article 9 mins
Business Interruption -
Article 10 mins
Economic Slowdown or Slow Recovery -
Article 12 mins
Failure to Attract or Retain Top Talent -
Article 12 mins
Regulatory or Legislative Changes -
Article 10 mins
Supply Chain or Distribution Failure -
Article 14 mins
Commodity Price Risk or Scarcity of Materials -
Article 10 mins
Damage to Brand or Reputation -
Article 10 mins
Failure to Innovate or Meet Customer Needs -
Article 10 mins
Increasing Competition
Trade
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
-
Report 5 mins
Global Risk Management Survey -
Article 10 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market -
Article 10 mins
Managing Project Risks: 5 Ways Credit Solutions Can Help -
Article 34 mins
Cutting Supply Chains: How to Achieve More Reward with Less Risk -
Article 24 mins
Driving Private Equity Value Creation Through Credit Solutions -
Article 12 mins
Tips for 2024 Salary Increase Planning -
Article 12 mins
4 Steps to Help Take Advantage of a Buyer-Friendly Directors' & Officers' Market -
Article 18 mins
Managing Reputational Risks in Global Supply Chains -
Article 10 mins
How an Outsourced Chief Investment Officer Can Help Improve Governance and Manage Complexity -
Article 12 mins
Decarbonizing Your Business: Finding the Right Insurance and Strategy -
Article 17 mins
Reputation Analytics as a Leading Indicator of ESG Risk
Weather
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
-
Report 5 mins
Climate and Catastrophe Insight -
Article 26 mins
How Investors are Making Better Decisions Amid a Changing Climate -
Article 12 mins
Improving Agricultural Practices to Address Climate Risks -
Article 22 mins
Understanding Freeze Risk in a Changing Climate -
Article 19 mins
Insurance Plays a Key Role in Transitioning to a Low Carbon Future -
Article 17 mins
How Academic Research Can Help Drive Climate Risk Resilience -
Podcast 11 mins
On Aon Podcast: Climate Science Through Academic Collaboration -
Article 11 mins
How Companies Are Using Climate Modeling to Improve Risk Decisions -
Podcast 9 mins
On Aon Insights: Climate and Supply Chain -
Article 14 mins
Using Parametric Insurance to Match Capital to Climate Risk -
Article 27 mins
How the Construction Industry is Navigating Climate Change -
Article 16 mins
Record Heatwaves: Protecting Employee Health and Safety
Workforce Resilience
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
-
Article 12 mins
Using Data to Close Workforce Gaps in Financial Institutions -
Article 11 mins
Using Data to Close Workforce Gaps in Retail Companies -
Article 15 mins
Using Data to Close Workforce Gaps in Technology Companies -
Article 8 mins
Using Data to Close Workforce Gaps in Manufacturing Companies -
Article 14 mins
Using Data to Close Workforce Gaps in Life Sciences Companies -
Report 9 mins
Measure Workforce Resilience for Better Business Outcomes -
Podcast 21 mins
On Aon Podcast: Methodology to Predict Employee Performance for the LPGA -
Article 17 mins
What Does a Resilient Workforce Look Like? -
Article 8 mins
Training and Transforming Managers for the Future of Work -
Article 21 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
More Like This
-
Article 7 mins
Parametrics Unlock Solutions For Future Risks
Macrotrends are transforming our world and creating emerging property-casualty exposures, which will have profound implications for the insurance industry.
-
Article 13 mins
U.S. Cyber Insurance: Market Trends and Opportunities
Understanding market trends and future projections in an evolving cyber insurance market is paramount to strengthening risk mitigation and transfer strategies.
-
Article 10 mins
How Climate Modeling Can Mitigate Risks and Improve Resilience in the Construction Industry
In an era of escalating climate-related challenges, the construction industry is turning to advanced climate modeling to fortify its risk management strategies.
