Balancing risk and opportunity through better decisions

Cyber risk runs deep. Is your organization making informed decisions around its cyber budget?

Aon’s 2021 Cyber Security Risk Report helps answer this question.

Explore the report

Now, more than ever, global leaders are finding themselves under increasing pressure.

Revenues are down, budgets are constrained, and the continuous rush to transform has organizations playing catch-up in the cyber security game. All of which means making tougher decisions in increasingly complex environments.

The majority of the cyber threats organizations face today are not new — connected devices, ransomware, and insider risk will be ever-present. But what is new is that COVID-19 ushered in a 360-degree shift in the nature of business, and in turn exponentially intensified cyber risk.

Underpinned by proprietary data and expert insight, this report explores four key risk themes, and helps organizations evaluate their cyber risk maturity to make better enterprise risk decisions.

Evaluate cyber risk across four key themes

Explore the most pertinent cyber risks, and map them to key cyber security controls, to determine actions your organization can take to close cyber security gaps.

Navigate New Exposures: 
Rapid Digital Evolution

Navigate new exposures:
Rapid digital evolution


Only 40% of organizations report having adequate remote work strategies to manage this risk.

Know Your Partners: 
Third-Party Risk

Know your partners:
Third-party risk


Just 21% of organizations report having baseline measures in place to oversee critical suppliers and vendors.

Concentrate on controls: Ransomware

Concentrate on controls:


Only 31% of organizations report having adequate business resilience measures in place to deal with ransomware threats.

Perfect the basics: Regulation

Perfect the Basics:


Less than two in five organizations (36%) report having adequate levels of data security preparedness.

How does your industry stack up?

Aon’s Cyber Quotient Evaluation (CyQu) data tell us that organizations, across multiple industries, are on average performing under baseline, and only maintaining a basic level of cyber readiness.

  • Construction Construction
  • Energy, utilities and natural resources Energy, utilities and natural resources
  • Financial institutions Financial institutions
  • Life sciences Life sciences
  • Manufacturing Manufacturing
  • Professional services Professional services
  • Retail Retail
  • Technology, media and telecommunications Technology, media and telecommunications

Cyber Quotient Evaluation (CyQu)

CyQu is a cyber risk assessment that evaluates cyber risk across 9 security domains and 35 critical control areas.

1Data Security
  • Data Classification
  • User Awareness and Training
  • Data Protection
  • Risk Management
  • Governance
2Access Control
  • Two-Factor Authentication
  • Password Configuration
  • Access Management
3Endpoint and Systems Security
  • Endpoint Protection
  • Vulnerability Management
  • Asset Inventory
  • Secure Configuration
  • Logging and Monitoring
4Network Security
  • Network Environment
  • Wireless
  • Network Penetration Testing
  • Network Capacity
5Physical Security
  • Physical Access
  • Physical Penetration Testing
  • Tampering and Alteration
  • Environmental
6Application Security
  • Training
  • Secure Development
  • Software Management
7Third Party
  • Third Party Contracts
  • Due Diligence
  • Third Party Inventory
8Business Resilience
  • Business Continuity/DR
  • Incident Response
  • Backup
9Remote Work
  • Remote Security Awareness
  • Remote Business Continuity
  • Device Vulnerability & Monitoring
  • Authentication & Identity
  • Remote Connectivity
< Back to previous

Develop a blueprint to ask the right questions, in order to make better decisions.

Looking through the lens of four key risk themes, organizations can make better decisions to support changing business models, while protecting their people, clients, partners, and balance sheets.

Explore the report