Discover your cyber risk with CyQu
In about 90 minutes or less, CyQu Enterprise will provide you with a snapshot of your cyber maturity (CyQu Score) and insight into the areas posing the greatest risk to your organization.
This will be followed up with a custom report, detailing key findings and opportunities for remediation to help you improve your cyber resilience.
Gain instant visibility into your cyber risk posture
In about 90 minutes CyQu will provide an automated CyQu Score with a snapshot of your cyber maturity and exposures across 9 security domains, highlighting vulnerable areas and cyber risks facing your organization.
Identify quick wins to strengthen your security
Your CyQu report will identify key enablers for improvement or “quick wins” that should receive immediate focus to enhance your current level of security performance
Benchmark against industry peers
Your CyQu score will be benchmarked against industry peers giving you insight into how you compare across each of the 9 domains, making it easier to identify gaps in performance and determine where to prioritize improvements.
Obtain clear, actionable strategies for remediation
Your CyQu report will outline clear, actionable remediation strategies and recommendations to help strengthen your cyber resilience and cultivate a data-driven risk management strategy.
Align security functions across your organization
Your CyQu report creates the framework for Risk Management and IT teams to work together to solve evolving risks, strengthening collaboration and improving alignment of your risk strategy.
Simplify insurance decision making process
Bridge the gap between a CISO and a CRO. Use CyQu to understand areas of critical vulnerability, and transfer that financial risk into an insurance policy.
How it works:
CyQu Enterprise scores and benchmarks across 9 security domains which break down into 35 critical control areas.
- 1Data Security
- – Data Classification
- – User Awareness and Training
- – Data Protection
- – Risk Management
- – Governance
- 2Access Control
- – Two-Factor Authentication
- – Password Configuration
- – Access Management
- 3Endpoint and Systems Security
- – Endpoint Protection
- – Vulnerability Management
- – Asset Inventory
- - Secure Configuration
- - Logging and Monitoring
- 4Network Security
- – Network Environment
- – Wireless
- – Network Penetration Testing
- - Network Capacity
- 5Physical Security
- – Physical Access
- – Physical Penetration Testing
- – Tampering and Alteration
- - Environmental
- 6Application Security
- – Training
- – Secure Development
- – Software Management
- 7Third Party
- – Third Party Contracts
- – Due Diligence
- – Third Party Inventory
- 8Business Resilience
- – Business Continuity/DR
- – Incident Response
- – Backup
- 9Remote Work
- – Remote Security Awareness
- – Remote Business Continuity
- – Device Vulnerability & Monitoring
- – Authentication & Identity
- – Remote Connectivity
Use your CyQu score to benchmark your cyber risk posture against your peers making it easier to determine where to prioritize improvements.Find out how you compare
|CyQu Domains||Your CyQu||Peer CyQu|
|Endpoint and Systems Security||2.9||3.0|
*Peer Score pending data availability
CyQu Enterprise Quick Facts
What is CyQu Enterprise?
CyQu Enterprise is a comprehensive cyber risk assessment that provides:
- An in-depth, holistic view of an organizations cyber risk posture
- Instant comprehensive scoring, target and peer benchmarking
- Actionable remediation strategies for long term security
CyQu Enterprise is best suited to mid-market and large organizations
Common use cases
- Identify detailed cyber vulnerabilities
- Organizational awareness
- Strategic planning
- Board presentations
- Budget/funding requests
- Facilitate insurance submission
- Competitive analysis
U.S., EMEA, Canada, Australia and LATAM with a larger expansion plan in 2020
Who completes a CyQu assessment?
CISO, CTO, CIO, CSO (or equivalent)
90 minutes or less*
Comprehensive assessment of 9 security domains and 35 critical control areas (rooted in NIST cyber security framework)
Comprehensive, custom report completed by Aon’s Cyber Solutions Consultants. Delivered 10 business days after client submission
Client success stories
Retail business shops for help in managing its cyber unknownsRead full success story
Facilitating a facilities business understanding of its cyber riskRead full success story
Hotel group looks for room to improve its cyber securityRead full success story
Retail business shops for help in managing its cyber unknowns
A UK retailer struggled to have a clear insight into its cyber exposure. There were constraints for key stakeholders from the IT and cyber security functions. And the insurance manager who sat on the audit committee, that supervised risk mitigation activity, did not understand cyber risk.
The retailer wanted to understand its current cyber exposure – gaining an external opinion on its current cyber risk maturity position – while identifying methods that could help mitigate its exposures and underpin its insurance-placing process with data insights.
Aon provided the retailer with access to its online cyber risk assessment (CyQu) and received a first cyber risk maturity score within 90 minutes of completion. Within 10 days, our cyber risk consultants compiled a custom CyQu report with prioritized recommendations and risk transfer strategies for the business based upon the retailer’s responses, and retailer was then able to complete our short insurance proposal form and receive a competitive cyber insurance quote.
- Gained a clearer understanding of the overall cyber risk exposures supported by data and analytics
- Activated a cyber insurance solution with broad coverage
- Implemented a series of crisis management simulation trainings to help improve control areas that had a low maturity rating
Facilitating a facilities business understanding of its cyber risk
With multiple geographies and business units, a global facilities services company needed to better understand and manage its cyber risk, which had become a top priority for its Board.
Not only did the business want to better understand its core cyber risk as it evolved its core business model, it wanted to align its IT, information security and business strategy while informing decision-making across its cyber risk management.
Working with our CyQu product, Aon delivered a combined Cyber Impact Analysis and Security Maturity Review, which allowed our client to baseline their current cyber risk posture, and to provide a yardstick to measure progress as they improved their cyber posture.
- Achieved a better understanding of their cyber risk , which could then be more effectively communicated within their business model
- Gained the ability to make more balanced decisions on how best to mitigate cyber risk through a blend of risk transfer and prioritized investment on improving cyber security controls across key business functions
Hotel group looks for room to improve its cyber security
A hotel group wanted to evaluate its cyber security posture against the evolving technology and threat landscape. Alarmed by a series of high-profile attacks in its sector, the hotelier felt compelled to consider their own situation and develop a data-driven risk management strategy across its subsidiaries.
First, it was important that the hotelier could understand the wider picture by looking at the cyber threats impacting the hospitality and entertainment sector. Secondly, it wanted to evaluate the performance of cyber security controls for each of the its major subsidiaries. It was important that the hotelier could then compare its subsidiaries’ respective cyber risk maturity scores against Aon’s industry benchmark. Finally, the business needed to establish a practical remediation plan across its subsidiaries to protect its corporate balance sheet.
We asked the hotel group’s subsidiaries to complete our online cyber risk assessment (CyQu). Respondents took an average of 90 minutes to complete the assessment, after which they received an immediate cyber maturity snapshot and visibility into which control areas represented the greatest points of vulnerability based upon their submitted responses.
Using our proprietary scoring system, we were able to use the CyQu outputs to tailor a detailed management report, enabling comparison across the various operating entities and recommending actionable improvements. We also produced a prioritized risk mitigation strategy customized to the organization’s unique maturity scores and best practices within the hospitality industry.
- Identified a consistent approach for cyber risk and baselining control maturity at both the enterprise and asset portfolio level
- Developed stronger collaboration between the respective IT and risk teams across the company’s various operations; helping to inform decisions around risk treatment and transfer options
- Empowered by Aon analytics and the risk mitigation strategy document, the hotel group devised a cyber security roadmap designed to help deliver the greatest risk reduction and improvement to cyber security posture
Prevention is better than cure for pharma business
While undergoing significant change in their business processes and practices (specifically from an IT perspective), a UK-based pharmaceutical business was concerned about rapid developments to the cyber threat landscape / environment and where its vulnerabilities might lie within their current cyber security posture.
It was important for the business to understand the key cyber threats they faced across the organization and in its key business functions. The company wanted to gain support in analyzing their security control posture and learn which areas represented the greatest points of vulnerability while identifying the different possible cyber scenarios that could materialize.
A completion of our online cyber risk assessment tool – CyQu – allowed the pharma business to better understand its cyber exposure and most critical vulnerabilities based upon their responses. Using tailored best-practice controls and mandatory controls required by regulation, CyQu helped the business rapidly evaluate its cybersecurity posture. And, by highlighting specific areas of weakness, the CyQu tool facilitated a future exercise to develop credible cyber risk scenarios.
- Developed a deeper understanding of the prioritized cyber threats across key business units / geographies
- Identified strengths and weaknesses and an appropriate roadmap for cyber security improvement
- Established attack-paths of potential attackers and developed credible cyber scenarios to further understand their risk profile
Piecing the data jigsaw together
A global organization, which had recently undertaken a major strategic acquisition, wanted to develop its cyber resilience strategy and buy specific standalone cyber risk insurance coverage. Due to the integration process with the new business, data sets were fragmented, and internal stakeholders were still getting to know one another. As a result, the business was finding it difficult to pull together the information needed for an underwriting submission and market presentation while being under significant time pressure to achieve the insurance placement.
Disparate data sets needed to be quickly gathered together while also engaging stakeholders from across the organization that had limited prior knowledge of each another. There also needed to be a minimal impact on client resources, which were currently focused on critical integration activities. In addition, the business needed to develop a compelling and complete underwriting submission and market presentation that established them as a “good risk” to the insurance market to help achieve favorable coverage terms and premium pricing.
Aon began by working with a senior IT stakeholder from the business who was asked to complete our online cyber risk assessment (CyQu), to gather high-level information on the organization’s control environment. By leveraging that information, we were able to develop an underwriting submission and market presentation; identifying information gaps and using targeted calls with stakeholders to help close them. We then developed a strong narrative to present the risk to the insurance market.
- Delivered a successful market submission and presentation leading to improved coverage terms and premium pricing
- Enabled clear articulation of the value of cyber insurance to the company’s C-suite
- Enabled the Group Risk and Insurance Managers to be more involved in the process of presenting the cyber risk management approach to underwriters, including providing additional insights and clarity
- • Established stronger collaboration across the company’s operations – helping to inform decisions around risk treatment and transfer options
Tech business looks for plug-in protection
A global high-tech business, that wanted to pursue a new corporate strategy through the provision of software services to high-value clients and new contracts, found itself encountering greater cyber threat complexity within an intricate network infrastructure that had systems directly interfacing with major clients.
The software business needed to understand the key cyber threats facing the organization and its key business functions, while evaluating the security readiness of distinct business functions when interfacing with third-party networks. By analyzing their security control posture, they would be able to learn which areas represent the greatest points of vulnerability to the business and be in a position to prioritize their future security investment strategy.
Using our dynamic cyber risk management portal – CyQu – Aon helped the business evaluate their readiness to execute new client strategies across their numerous business units; highlighting priority areas for remediation and helping to safeguard their environment and clients’ environments. The CyQu reports were also utilized to help provide the business’s clients with assurances as to the maturity levels of cyber security controls within the organization.
- Gained insights into the critical remediations required to help safeguard the network infrastructure
- Helped the organisation’s C-Suite understand the importance of further security investments enabling greater commercial growth
- Established the process for consistent evaluation complementing the less regular, more in- depth security audits