Security Risk Assessment

Our security risk assessment identifies your critical assets and vulnerabilities, in addition to evaluating your organisation’s core cyber security capabilities. Once we’ve determined your defence measures and readiness to respond, we’ll deliver a recommended roadmap to help improve your organisation’s cyber resilience.

Cyber Security Testing

We use real-world testing and simulations to help you understand your vulnerabilities and strengthen your defences. Our tailored approach illuminates your system’s weaknesses, so you can address them, clearing the way for peace of mind.

Cyber Impact Analysis: Financial Quantification

Knowing the financial impact of a cyber event is essential for good governance. Our proprietary financial modelling helps you make smart, data-driven choices on cyber security and risk management. We’ll assess your organisation’s cyber risk exposure and model probable scenarios. Insights from our data analytics will direct and strengthen your case to invest in information security, business continuity, and cyber insurance. Should a cyber incident occur, these models demonstrate to key stakeholders that an appropriately sophisticated approach was undertaken, and reasonable efforts were made to protect shareholder equity, customers, and the public.

Incident Response Readiness Assessment

During a cyber attack, you need to know what to do. Rapid detection and meaningful response are critical. Every moment you wait for important decisions or information is a delay in containment and recovery, while the event continues to chip away at your brand integrity. Our assessment takes a dynamic and consultative approach. We know what being prepared looks like, and we can evaluate your current cyber incident response plan, research your environment, evaluate your response capabilities, and identify gaps. We provide tactical and strategic recommendations that help your organisation respond to a cyber event with confidence.

Network & Cloud Penetration Testing

Our highly developed penetration testing methodology is a deep dive into the layers of your defences to uncover your potential weaknesses. By simulating the activities of a malicious individual or organisation, our testers evaluate and attempt to compromise a broad range of your systems, creatively adapting to the environment and security controls we encounter. From there, we assess the exposure to risk of business-critical systems that reside deep within your network.

Compromise Assessment

Attackers can go undetected in a network. It’s critical to identify possible indicators of compromise to understand the impact and scope of an attack before the damage is done. We use state-of-the-art assessments to help unearth attack vectors, techniques and technology. Using our deep experience and sophisticated tool set, we rapidly collect, correlate and analyse vast amounts of endpoint and server status data artefacts and compare them with our behavioural indicators of compromise. This allows us to identify patterns of activity associated with a variety of attack scenarios. Should one be detected, we activate our incident response teams.

Privacy Compliance Assessment

Organisations must commit to protecting the personal information in their care. We’ll begin your privacy compliance assessment by extensively reviewing the strength of your computer security, policies and data agreements, including interviews with key business and IT managers, analysis of back-end databases, and a technical review of documents. Next, we’ll map our findings to the statute and privacy guidelines that govern your industry and assess whether encryption techniques are appropriately deployed at the server, desktop, and backup levels. Finally, we’ll provide prioritised recommendations for addressing your organisation’s needs.

Application & Mobile Security Testing

How do you secure your applications? What data is exposed or insufficiently protected? What happens if an employee’s device is lost or stolen? We identify and help mitigate the vulnerabilities of the applications running on your network. Our proprietary application security directives (ASDs) provide a framework for testing and scoring your applications, providing a report of all identified security issues, including all the information necessary to reproduce each issue and help correct or mitigate the vulnerability.


With Cyber Quotient Evaluation from Aon, you can rapidly size up your organisation’s cyber risk. CyQu Enterprise is an award-winning cyber risk assessment platform that leverages in-depth cyber data analytics to provide you with instant insights and a fully customised report, enabling you to take an important step in strengthening your cyber risk posture.

Discover your cyber risk with CyQu.

Due Diligence & Background Investigations

Risks at the intersection of politics, commerce, and regulation can be some of the most difficult to manage. Missteps can bring reputational and financial damage to your organisation. We provide deep research into potential acquisitions, significant new clients or employees, and third parties. Our due diligence services provide you with the insight you need by delivering vital information into the hands of legal, compliance, anti-money laundering (AML), financial crime and investment decision makers to help you reduce risk.

Source Code Security Review

The software you’re using should be tested against your security standards. We evaluate your application’s internal structures to help identify flaws that could allow attackers to gain access to your critical assets. Using techniques such as control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage, we examine the hard-to-copy error conditions that could be abused by skilful attackers. On top of that, we can pinpoint the exact line of code where the flaw occurs and provide very specific remediation recommendations.

Executive Vulnerability Assessment

Executive cyber security is not just a personal problem. It has an impact on businesses as well. An identity can be stolen at any time, threatening the financial affairs of your senior executives and your company. Passwords might be stolen, providing access to company documents, and sensitive information could be placed on open source forums, exposing your executives and company to external threats. Through one-on-one discussions and data-gathering, we conduct an individual threat assessment providing personalised security vulnerability evaluations to help protect your top executives, their families, and therefore your organisation.

Aon’s CyberScan

Aon's CyberScan is a full-stack vulnerability assessment solution that gives you the tools you need to control and manage IT security risk. Delivered as a cloud-based managed service, it provides a combination of technology and human expertise to supply you with on-demand, verified security risks.

Aon Cyber Expert

Chris McLaughlin

Director, Cyber Solutions Group
