Cyber Quotient Evaluation from Aon

Cyber risk is one of the top business risks facing organizations. Despite this, the majority are not adequately prepared for a cyber incident.1

CyQu Enterprise is an award winning cyber risk assessment platform enabling you to take an important step in strengthening your cyber risk posture.

  • Built with patent pending analytics methodology
  • Leverages in-depth cyber data analytics
  • Rooted in both ISO standards and the NIST framework
  • Winner of multiple cyber risk awards

Discover your cyber risk with CyQu

In about 90 minutes or less, CyQu Enterprise will provide you with a snapshot of your cyber maturity (CyQu Score) and insight into the areas posing the greatest risk to your organization.

This will be followed up with a custom report, detailing key findings and opportunities for remediation to help you improve your cyber resilience.

Find out your cyber risk and contact us

CyQu for small businesses

CyQu is an automated light weight cyber assessment designed specifically for small businesses.
Currently available in the U.S. only.


Gain instant visibility into your cyber risk posture

In about 90 minutes CyQu will provide an automated CyQu Score with a snapshot of your cyber maturity and exposures across 9 security domains, highlighting vulnerable areas and cyber risks facing your organization.

Identify quick wins to strengthen your security

Your CyQu report will identify key enablers for improvement or “quick wins” that should receive immediate focus to enhance your current level of security performance

Benchmark against industry peers

Your CyQu score will be benchmarked against industry peers giving you insight into how you compare across each of the 9 domains, making it easier to identify gaps in performance and determine where to prioritize improvements.

Obtain clear, actionable strategies for remediation

Your CyQu report will outline clear, actionable remediation strategies and recommendations to help strengthen your cyber resilience and cultivate a data-driven risk management strategy.

Align security functions across your organization

Your CyQu report creates the framework for Risk Management and IT teams to work together to solve evolving risks, strengthening collaboration and improving alignment of your risk strategy.

Simplify insurance decision making process

Bridge the gap between a CISO and a CRO. Use CyQu to understand areas of critical vulnerability, and transfer that financial risk into an insurance policy.

How it works:

CyQu Enterprise scores and benchmarks across 9 security domains which break down into 35 critical control areas.

  • 1Data Security
    • – Data Classification
    • – User Awareness and Training
    • – Data Protection
    • – Risk Management
    • – Governance
  • 2Access Control
    • – Two-Factor Authentication
    • – Password Configuration
    • – Access Management
  • 3Endpoint and Systems Security
    • – Endpoint Protection
    • – Vulnerability Management
    • – Asset Inventory
    • - Secure Configuration
    • - Logging and Monitoring
  • 4Network Security
    • – Network Environment
    • – Wireless
    • – Network Penetration Testing
    • - Network Capacity
  • 5Physical Security
    • – Physical Access
    • – Physical Penetration Testing
    • – Tampering and Alteration
    • - Environmental
  • 6Application Security
    • – Training
    • – Secure Development
    • – Software Management
  • 7Third Party
    • – Third Party Contracts
    • – Due Diligence
    • – Third Party Inventory
  • 8Business Resilience
    • – Business Continuity/DR
    • – Incident Response
    • – Backup
  • 9Remote Work
    • – Remote Security Awareness
    • – Remote Business Continuity
    • – Device Vulnerability & Monitoring
    • – Authentication & Identity
    • – Remote Connectivity


Use your CyQu score to benchmark your cyber risk posture against your peers making it easier to determine where to prioritize improvements.

Find out how you compare
CyQu Domains Your CyQu Peer CyQu
Data Security 3.3 3.0
Access Control 3.3 2.8
Endpoint and Systems Security 2.9 3.0
Network Security 2.7 3.1
Physical Security 4.0 3.0
Application Security 2.7 2.2
Third Party 4.0 2.5
Business Resilience 1.5 2.8
Remote Work 2.4 -*

*Peer Score pending data availability

CyQu Enterprise Quick Facts

What is CyQu Enterprise?

CyQu Enterprise is a comprehensive cyber risk assessment that provides:

  • An in-depth, holistic view of an organizations cyber risk posture
  • Instant comprehensive scoring, target and peer benchmarking
  • Actionable remediation strategies for long term security


CyQu Enterprise is best suited to mid-market and large organizations

Common use cases

  • Identify detailed cyber vulnerabilities
  • Organizational awareness
  • Strategic planning
  • Board presentations
  • Budget/funding requests
  • Facilitate insurance submission
  • Competitive analysis

Regional availability

U.S., EMEA, Canada, Australia and LATAM with a larger expansion plan in 2020

Who completes a CyQu assessment?

CISO, CTO, CIO, CSO (or equivalent)

Completion time

90 minutes or less*

Assessment criteria

Comprehensive assessment of 9 security domains and 35 critical control areas (rooted in NIST cyber security framework)

Reporting features

Comprehensive, custom report completed by Aon’s Cyber Solutions Consultants. Delivered 10 business days after client submission

Client success stories

Retail business shops for help in managing its cyber unknowns

Read full success story

Facilitating a facilities business understanding of its cyber risk

Read full success story

Hotel group looks for room to improve its cyber security

Read full success story

Prevention is better than cure for pharma business

Read full success story

Piecing the data jigsaw together

Read full success story

Tech business looks for plug-in protection

Read full success story

Contact one of our cyber leaders to learn more:

Find out more