Case Studies

Breaches happen, but It doesn’t mean you are liable

Hospitality companies face significant cyber security risks. Hotel organisations processes millions of records containing personally identifiable information (PII) and transmits and stores vast amounts of credit card and employee data. As more and more customer information from digital marketing and loyalty programs is collected, the amount of data continues to increase. Securing potential entry points for cyber criminals is paramount.

When a global hotel organisation was notified by their banking institution that three of their major properties were likely compromised they needed a rapid response to the breach. The organisation and their outside counsel sort out Aon for help. We advised on the extent of the compromise, the scope of affected credit cards that could trigger reporting obligations, and the presence of any digital forensic evidence that might limit the liability of the organisation. Ultimately, our team preserved over 250 servers and workstations from more than 100 hotels across the globe.


  • Delivered forensic evidence that minimised legal exposure and defined the defensible limits of the breach
  • Diagnosed the type, timing, and scope of the breach swiftly, months ahead of the Payment Card Industry (PCI) forensic investigator (PFI)
  • Instilled confidence in our client by providing our intimate knowledge of the legal procedures arising from a breach
Not everyone speaks the same language, but we can translate

The manufacturing industry’s drive for innovation and increased reliance on automation and industrial internet of things (IIoT) has heightened its cyber risk. A breach can pose a risk of defective products, physical damage and even loss of life.

When a manufacturing organisation completed red team testing to identify their organisation’s cyber vulnerabilities but was unable to move forward with the cyber security remediation plan, Aon stepped in to help. Whilst an accurate report had been produced by both the internal security team and an outside vendor, it was unfamiliar to the CEO and CFO. Neither team were able to clearly communicate the nature of the cyber risk and what it meant in business terms to the C-suite.

After meeting with Aon leadership, the company’s executive team hired us to help. We conducted another round of red team testing and ensured we bridged the gap between technology and business in the presentation of our findings.

The company comprehended the impact of their vulnerabilities and began remediation to secure the organisation.

  • Successfully penetrated the guest wireless network, and uncovered vulnerabilities extending throughout the corporate network
  • Demonstrated cyber risk and its business impact to the C-suite when other teams couldn’t, achieving remediation buy-in
  • Maintained discretion with our work, securing leadership’s trust and confidence
These days it’s not just an iceberg that could sink the titanic

Delivery schedules drive profitability and customer satisfaction for logistics and transportation companies. It only takes one ransomware or malware attack to have a detrimental impact on logistics schedules, including system shut downs and potentially significant delays in deliveries. Also at stake is the integrity and theft of data, ranging anywhere from inventory lists to personally identifiable information (PII).

When a universal port facility knew they needed line of sight to their cyber risk posture and vulnerabilities but didn’t know where to start, they turned to Aon to help. We conducted a cyber risk assessment to identify critical assets and vulnerabilities and develop a risk profile that considered the full threat landscape. We then quantified that risk. Using our Cyber Impact Analysis methodology, we modelled probable and maximum loss scenarios and determined the likely financial impact of each should an incident occur. Armed with this data, the risk and security teams communicated the value of recommended information security and insurance investments to the board and wider executive team.

  • Provided line of sight into cyber exposures and delivered a risk management roadmap
  • Quantified and modelled cyber risk to inform a selection of insurance policies
  • Prepped their team to present to the board and C-level to obtain security funding
Aon Cyber Expert

Chris McLaughlin

Director, Cyber Solutions Group

More Information

Cyber Insights