What is Mitigate?
As cyber risk evolves, so must an organization's defenses. Risk management controls in cyber security extend across people, processes, and technology. Cyber security risk mitigation helps an organization manage risk by carefully implementing and enhancing security controls (procedure, policy, or people) to help stay secure.
Mitigation in cyber security helps to manage risk, prevent incidents from occurring, and reduce the impact of those that do. It reduces risk by defining and implementing strategies, processes, and tools in a measurable way aligned to the risks facing your business. When aligned with industry standards, a cyber security risk mitigation plan can help businesses define achievable, quantifiable targets for control enhancements. A security risk mitigation plan enables organizations to better deliver against these objectives and address gaps between cyber insurance requirements and the organization's security posture.
When Should You Mitigate?
Businesses are not static, and neither is a mitigation strategy. Organizations need to continually mitigate, assess, and repeat, and understand that both internal and external drivers can influence the decision to mitigate.
A security risk mitigation plan is regularly required for compliance and insurability reasons or to ensure customer trust, or it can be driven by business change. Organizations are expected to deliver a data-driven strategy that meets marketplace and regulatory expectations.
What are Common Mitigate Methodologies?
Mitigate leverages output from evaluations conducted during a cyber security assessment, also known as the Assess phase in Aon's Cyber Loop. We prioritize strategies to address control gaps and weaknesses and align with measurable industry standards and frameworks, for example NIST (National Institute of Standards & Technology).
We present our findings and recommendations within Aon's Return on Security Investment (ROSI) framework, a data-driven model. We collect data across estimated potential loss, risk mitigation, and cost of the solution to determine the potential financial impact of a significant cyber event and the estimated budget needed to mitigate the risk. All of this helps organizations make informed decisions regarding cyber security investments.
How Aon Can Help
Aon leverages 20+ years of experience delivering cyber solutions across various domains to align your organization’s cyber risk within its unique business context. Even organizations of the same size, in the same geography, and within the same industry will face different cyber risk situations. Aon's team is composed of technically skilled professionals and proven business change leaders. We understand how to lead and implement mitigation programs and align our work to security risk management, insurability, and balance sheet objectives.
Our specialized knowledge across Cyber Insurance Placement, Security Advisory, Testing, Intelligence, and Incident Response (IR) sets us apart. Our data-driven approach allows us to better advise on risk prioritization, and we help you quantify your total cost of cyber risk to make complex security investment decisions.
We are in the business of better decisions.