What is Assess?
Assess is a core component of the Cyber Loop and helps to shed light on the cyber risk profile of an organization. Assess evaluates a company's cyber maturity across their technology estate and pinpoints vulnerabilities, risks, and security controls that threaten balance sheet exposure and potentially impact business continuity.
Aon assesses cyber resilience across four vital areas: technical defenses, control maturity, financial impact, and insurability to build a cyber resilience framework for your organization. We help identify risks, vulnerabilities, and misconfigurations in technical defenses that highlight control gaps and implementation issues. Control maturity is evaluated relative to your organization's risk profile and industry standards which can then inform mitigation strategies. We pinpoint gaps and weaknesses and identify quick wins and long-term needs to optimize cyber resilience. We determine which vulnerabilities may threaten business impact and significant material loss and help evaluate your organization’s security posture and readiness for the insurance marketplace.
When Should You Conduct an Assessment?
Opportunities to conduct cyber assessments are endless. Some businesses measure cyber resilience as part of their regular risk management planning. Others enter an in-depth evaluation following a cyber breach when questions endure: Is the organization secure? Are we ready for the next attack? Is another attacker already in our network, and what does this mean?
What are Common Assess Methodologies?
Aon draws from a portfolio of time-tested delivery methodologies and frameworks to assess cyber resilience. We can assess, review and test existing controls, and simulate real-world attack scenarios to evaluate technical defenses within the organization's technology footprint for known vulnerabilities. We examine control maturity using measurable standards within the context of your unique business operations, which enables Aon to then inform cyber security investment measures based on risk profile.
We present our findings and recommendations within Aon's Return on Security Investment (ROSI) framework, a data-driven model. We collect data across estimated potential loss, risk mitigation, and cost of the solution to help determine the potential financial impact of a cyber event and the estimated budget needed to mitigate or transfer the risk.
How Aon Can Help
Aon leverages 20+ years of experience delivering cyber solutions across various domains to align your organization’s cyber risk within its unique business context. Our risk management model of Assess, Mitigate, Transfer, and Recover can be entered at any point to achieve company-wide cyber resilience at scale and be better positioned for insurability and business continuity. Our specialized knowledge across Cyber Insurance Placement, Security Advisory, Testing, Intelligence, and Incident Response (IR) sets us apart. Our data-driven approach allows us to better advise on risk prioritization, and we help you quantify your total cost of cyber risk to make complex security investment decisions.
We are in the business of better decisions.