Adversary Simulation

Capabilities
Capabilities
What we do.

Through our global expertise across two key areas of need ― Risk Capital and Human Capital ― our clients are better advised within, and across, their risk and people strategies.
Risk Capital

Claim Management

Reinsurance

Risk Analytics

Risk Management

Risk Retention

Risk Transfer

Human Capital

Health and Benefits

Human Capital Analytics

Investments

Pensions and Retirement

Talent and Rewards

Workplace Wellbeing
Industries
Industries
Insights and advice, tailored to your needs.

While we all face many of the same challenges and opportunities, every industry is different and requires dedicated expertise.
Construction and Real Estate

Financial Institutions

Financial Sponsors

Food, Agribusiness and Beverage

Healthcare Providers and Services

Hospitality, Travel and Leisure

Industrials and Manufacturing

Insurance

Life Sciences

Natural Resources

Professional and Business Services

Public Sector

Retail and Consumer Goods

Sports and Entertainment

Technology, Media and Communications

Transportation and Logistics
Insights
Insights
Discover new insights from Aon.

From navigating climate change to workforce resilience, today’s leaders need access to powerful insights to make better decisions.
Featured Topics

Climate Change and Sustainability

Environmental, Social and Governance Issues

Supply Chain Resilience

Workforce Resilience
About
About
Aon is in the business of better decisions.

We exist to shape decisions for the better — to protect and enrich the lives of people around the world.
About Us

Our Story

Our Values

Our Impact

Inclusion and Diversity

Leadership and Governance

Careers

Organizing Around Today's Biggest Client Needs

Risk Capital

Human Capital

How can we help you?

Adversary Simulation

Learn how your organization can benefit from adversary simulation.

What is Adversary Simulation?

Adversary simulation, also known as adversary emulation, is the practice of security experts impersonating the actions and behaviors of skilled cyber threat actors to attack an organization’s information technology or operational technology environment. Using real-world attacker breach techniques and a feedback loop from the organization’s security stack, adversary simulation exercises help test and improve cyber resilience against attacks such as ransomware and persistent threats.

Adversary simulation is considered a highly effective way to holistically test an organization’s cyber resilience by assessing its ability to prevent, detect, and respond to real-world threats and attacks in a simulated breach scenario. The simulation results provide security leaders with data points to make more informed decisions on risk and cyber resiliency and to help prioritize budgets based on validated evidence derived from testing the effectiveness of their security controls.

Breach Assistance

How Does Adversary Simulation Work?

Adversary simulation empowers organizations to more accurately assess cyber risk and vulnerabilities by impersonating a variety of attacker tools, techniques and procedures across various scenarios and adversary profiles to test the effectiveness of security controls in any given environment.

By integrating into an organization’s security technology stack, adversary simulation can help drive in-depth analyses of successful vs. blocked attacks, provide better visibility into the efficacy of an organization’s defensive controls and security monitoring programs, and help paint a picture for a data-driven risk prioritization and remediation strategy.

More Cyber Offerings

Identification

Identification of existing gaps in an organization’s security controls and security monitoring program.
Evaluation

Evaluation of an organization’s cyber defenses and to help provide an in-depth strategy for mitigating risk from attacks.
Validation

Validate the effectiveness of security programs, tools and specific controls against industry-specific attacker techniques.
Enhancement

Enhancement of security monitoring and detection capabilities.

Why Every CISO Should Consider Adversary Simulation

As organizations grow their digital footprint to support critical business functions, the risk of attacks on digital infrastructure increases proportionately. Adversary simulation allows chief information security officers (CISOs) to pivot from a reactive implementation of defensive controls and security tools – a never-ending game of catch-up – to a more proactive, strategic and data-driven approach to risk prioritization and mitigation. Here’s why an investment in adversary simulation services should be on every CISO’s agenda:

Identify and track an organization’s attack surface available to attackers, thereby helping to reduce exposure to a variety of harmful threat actors significantly
Validate an organization’s security stack and help identify gaps that may exist so that future technology investments can be based on more quantitative data points
Improve cyber resilience following a cyber breach event
Validate the effectiveness of security programs, tools and specific controls against industry-specific attacker techniques
Help Identify and remediate blind spots and gaps in an organization’s security monitoring program
Make better decisions using empirical data derived from simulations to help maximize the return on security investment

Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates.

The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.

The Cyber Loop

Webpage

A Model for Sustained Cyber Resilience

Read More

Article 5 Minute Read

Deepfakes and Cyber Espionage

Two cyber threats — deepfake technology and insiders selling access to company information — are putting organizations at a greater risk of financial loss and much worse.

Read the Article

Adversary Simulation

Claim Management

Reinsurance

Risk Analytics

Risk Management

Risk Retention

Risk Transfer

Health and Benefits

Human Capital Analytics

Investments

Pensions and Retirement

Talent and Rewards

Workplace Wellbeing

Construction and Real Estate

Financial Institutions

Financial Sponsors

Food, Agribusiness and Beverage

Healthcare Providers and Services

Hospitality, Travel and Leisure

Industrials and Manufacturing

Insurance

Life Sciences

Natural Resources

Professional and Business Services

Public Sector

Retail and Consumer Goods

Sports and Entertainment

Technology, Media and Communications

Transportation and Logistics

Our Story

Our Values

Our Impact

Inclusion and Diversity

Leadership and Governance

Careers

Risk Capital

Human Capital

Article

Article

Article

Adversary Simulation

What is Adversary Simulation?

Breach Assistance

Contact our cyber response teams for urgent breach assistance.

How Does Adversary Simulation Work?

More Cyber Offerings

Effective adversary simulation can lead to the following outcomes:

Identification

Evaluation

Validation

Enhancement

Why Every CISO Should Consider Adversary Simulation

The Cyber Loop

A Model for Sustained Cyber Resilience

Deepfakes and Cyber Espionage

Talk to Our Team