Cyber and Data Security

May 20, 2025 8 mins

Cyber and Data Security

Aon’s cyber and data security strategy is grounded in our commitment to protect client information, support secure and resilient operations and maintain trust in an increasingly complex digital risk environment.

Introduction
Cyber Security
Data Protection
Artificial Intelligence
Client Solutions
Related Information

Aon’s cyber and data security strategy is grounded in our commitment to protect client information, support secure and resilient operations and maintain trust in an increasingly complex digital risk environment. Guided by strong governance and a firmwide risk culture, our approach is focused on:

Embedding cyber security and data protection, including oversight, as enterprise level risk management priorities that underpin responsible business practices, trusted client partnerships and operational resilience.
Strengthening cyber resilience through disciplined governance, proactive risk identification and incident response across the full cyber risk life cycle.
Safeguarding data through a mature global privacy and data protection framework aligned to applicable laws, supported by clear accountability, policies and oversight.
Enabling responsible innovation, including the use of AI, through strong data and technology governance that protects Aon and client data while supporting new capabilities.

Cyber Security

Cyber security risk has the potential to disrupt and destabilize businesses and continues to grow and escalate to a board-level concern for businesses around the world. Governance and risk management in this area have never been more important.

At Aon, we prioritize cyber security resilience by guiding business leaders within a strategic risk governance process. Our global risk and regional risk committees, which include experts across Aon’s business, cyber security and IT teams, ensure we identify and mitigate risks and follow best practices to protect our interests while achieving Aon’s strategic goals.

Our Chief Information Security Officer (CISO), who leads a centralized Global Information Security Office, is supported by dedicated staff responsible for promoting compliance and awareness of applicable information security and data protection requirements, advising on the implementation of our security policies and standards and monitoring compliance across the jurisdictions in which we operate. We have adopted strong cyber resilience practices that span the entire cyber security risk life cycle. Aon is committed to proactively safeguarding our systems, data and products by identifying and mitigating threats and vulnerabilities, investigating and responding to cyber security incidents and implementing comprehensive counter measures through a mature risk management process. Aon’s cyber security team aims to protect our constituents, including colleagues, clients and shareholders. Aon is continuously monitoring the external landscape for potential and evolving security risks and adjusting our cyber security program and services accordingly.

Data Protection

Data is an essential foundation of our business and we take seriously our responsibility for managing our data and data privacy requirements. We have invested significant resources in our data protection framework which ensures that colleague data and the data that forms part of our products and services is managed in compliance with applicable data privacy laws and that data privacy risks are effectively managed.

Our approach starts with our Code of Business Conduct, which sets out senior management’s commitment to comply with data privacy laws in all jurisdictions where we do business and the behavior expected of our colleagues when working with each other, our clients and our business partners.

This is further underpinned and supported by data privacy policies, standards and standard operating procedures — all designed to ensure data privacy risks are managed across our businesses and functions.

Our Chief Privacy and Data Trust Officer oversees a central Global Privacy & Data Trust Office, with dedicated staff responsible for promoting compliance and awareness of applicable data privacy laws, advising on the implementation of our data privacy policies and standards and monitoring compliance in jurisdictions across the globe. We are focused on maintaining a sustainable data privacy control framework which places sufficient emphasis on the implementation and continual improvement of our data privacy controls.

Strong governance is essential to maintaining client trust around data privacy and AI. Through our Global Privacy & Data Trust Office, we focus on clear accountability, strategic advisory, effective controls and strong collaboration with key stakeholders. We are committed to continuously enhancing our privacy practices across all jurisdictions where we operate.

Tina Maisonneuve

Chief Privacy and Data Trust Officer, Aon

Artificial Intelligence

Aon has a culture of innovation and we are relentlessly focused on delivering solutions that meet client needs. Innovations using artificial intelligence (AI) have the potential to transform the way we work — but have also introduced new and evolving risks.

At Aon, we are continually seeking to enhance our services, including our use of AI and we work across the firm to investigate these new capabilities and thoughtfully incorporate them into our Aon United approach. We view AI as an enabler to drive outcomes — supporting better decision‑making, operating efficiency and differentiated insights.

We focus on ensuring that we have the right governance model in place to help our colleagues protect Aon and client data, which is critical to engaging with these new tools. Responsible use of AI is not optional at Aon — colleagues are required to adhere to our AI Responsible Use Policy as part of mandatory training, reinforcing that using this powerful technology in a safe and compliant way is a core expectation. Our AI governance approach is embedded within Aon’s broader enterprise risk management framework and is designed to balance speed and innovation with the protection of our clients, colleagues and the firm. This includes assessing AI risk across defined tiers, centrally cataloguing AI use cases to avoid duplication and maximize value, and applying consistent processes and controls to ensure accountability and oversight as risks and capabilities continue to evolve.

The steps we have taken to bring together operations in our Aon Business Service platform strongly positions Aon to assess and execute the best opportunities from across the firm, quickly and efficiently. This includes implementing a global AI policy, processes and controls to ensure that our use of data and AI is responsible and aligned with AI principles set out in our Code of Business Conduct.

Client Solutions

Our products and services reflect our clients’ evolving needs, including our portfolio of strategically developed solutions and capabilities:

Cyber Insurance: As a company’s digital presence expands — and as cyber criminals become more advanced and the universe of attack vectors grows — the cyber risks a business faces grow and become more sophisticated. Cyber insurance is critical to an organization’s overall cyber risk management strategy. It is intended to provide organizations with better protection against the financial risk posed by cyber security threats such as ransomware and data breaches. The need for cyber insurance solutions has never been greater than it is today and the factors for an organization to consider are a blend of economic, technological and strategic. Organizations can make better decisions on risk appetite and appropriate levels of risk transfer using cyber insurance.

Aon’s holistic approach to cyber risk management helps clients:

Diagnose cyber risks by evaluating clients’ risk posture compared to their internal security controls and their peers to understand vulnerabilities and prioritize investments.
Analyze cyber risks by providing quantitative insights needed to enable data-driven decisions that protect assets and operational resilience.
Mitigate cyber risks by helping clients prioritize and implement tools and resources to improve risk profiles through relationships with outside providers, especially in the eyes of underwriters.
Transfer cyber risk by quantifying probable cyber losses so businesses can make decisions to transfer the risk via cyber insurance.
Recover from cyber events by providing strategic support for claim recovery, coordination of any existing insurers and enabling access to preferred providers to help maximize the value or risk transfer.

In response to growing cyber risks, we are focused on data-driven solutions that help clients manage the risk for greater cyber resilience and growth, building on our expertise, insights and proprietary tools and methodologies. The Cyber Quotient Evaluation (CyQu) is Aon’s proprietary eSubmission platform that helps clients identify, measure and manage their cyber risk exposure while helping clients identify gaps in performance, prioritize spend and measure year-over-year changes in cyber maturity. Aon’s Cyber Risk Analyzer, which, through loss forecasting, exposure assessment and total cost of risk analysis capabilities, allows risk managers to make technology-enabled decisions to mitigate cyber risk.

Together, our colleagues and our tools help clients think about cyber risk as enterprise risk. We help clients understand potential threats and identify and quantify probable losses. With this knowledge, organizations can make better decisions on risk appetite and appropriate levels of risk transfer using cyber insurance. This informs decisions around mitigation and investment in controls, program structure and articulating risks to key stakeholders like risk managers, CISO, CFOs and boards.