A Model for Sustained Cyber Resilience
There is nothing linear about cyber security. This is the guiding principle of The Cyber Loop, a cyber risk management model for sustained cyber resilience that unites stakeholders irrespective of role to make better decisions on cyber risk.
According to Aon’s 2021 Cyber Risk Report, business and information technology (IT) leaders are under increasing pressure to maximize return on security investment (ROSI) in an increasingly complex business and risk environment. Insurance providers also feel the pressure. As loss frequency and severity outpace cyber rate increase,1 and many have halved the amount of cyber coverage they provide to customers after a surge in ransomware attacks left them hurting from considerable payouts.2 There is no doubt that cyber risk runs deep and wide.
Businesses find themselves ill-prepared to manage this risk. Only two in five organizations are ready to navigate new exposures arising from rapid digital evolution, and more alarming, a mere 17 percent have adequate application security measures in place.3
The market continues to overflow with technologies designed to secure organizations and operational checklists to guide compliance and build resilience. Yet even with all these resources, many likely feel unsure of the best next decision. A strategic approach to cyber security is circular and iterative, and importantly — informed by data.
Realizing Sustained Cyber Resilience
The Cyber Loop model acknowledges that each organization will start its journey from a different place: assess, mitigate, transfer, or recover.
This journey through assess, mitigate, transfer, and recover demonstrates that a strategic approach to cyber resilience is circular and iterative, and importantly — informed by data.
When operating within the Cyber Loop, an organization becomes an informed participant in managing risk. To realize the promise of sustained cyber resilience, it is critical that stakeholders — across the business — come together to assess where they sit in the circular journey. With data, better decisions can be made and return on security investment can be measured.
At the conclusion of each section, key questions are presented to help guide understanding of the value unlocked within each Cyber Loop entry point. Additionally, we provide eight key actions an organization can take today, to reinforce its cyber security strategy.
An organization cannot mitigate risks it doesn’t know or transfer a risk it doesn’t understand. Aon’s approach to assessment informs future decisions on the best strategies to manage cyber risk.
Explore the Cyber Loop whitepaper below to learn more.
1 Crawford Aon. (2021). A guide to successfully managing cyber claims: Get prepared, take control, and optimize recovery. White Paper.
2 Cohn, C. (2021, November 19). Insurers run from ransomware coverage as losses mount. Reuters. https://www.reuters.com/markets/europe/insurers-run-ransomware-cover-lossesmount-
3 Aon. 2021. Balancing risk and opportunity through better decisions. April 2021. Retrieved from https://www.aon.com/2021-cyber-security-risk-report/