Case Study – Optimizing Cyber Placement with Targeted Control Validation
Case Study
Carrier-Aligned Security Assessment
Learn how your organization can benefit from our carrier-aligned security assessment services.
What is a Carrier-Aligned Security Assessment?
As cyber threats have become more frequent, the ranks of cyber stakeholders have swelled. We have seen cyber security is now discussed regularly by the Board of Directors, the CEO, the CFO and risk and compliance leaders. Organizations report keen interest in the impact potential cyber losses have on profitability — and share prices. Similarly, insurance carriers and even regulatory bodies with an eye on reducing the financial impact of a cyber-related event are placing increased scrutiny on an organization's technical controls.
The Carrier-aligned Security Assessment (the Assessment) is one of Aon's most comprehensive security assessments, providing organizations with a comprehensive understanding of how potential exposures in critical security domains can affect insurability. We also draw a roadmap for strengthening technical controls that may be scrutinized as part of the underwriting process. The Aon team combines deep technical experience, extensive knowledge of underwriting trends in cyber insurance and widely accepted cyber security frameworks to provide organizations with insights that help them make strides toward lowering risk and potentially optimizing cyber placement.
Carrier-Aligned Security Assessment: The Why and When
Explore the research and data points below to learn more about why conducting a Carrier-aligned Security Assessment is an important value-add for organizations at a time of rising cyber security risk:
-
8.6%
Public companies lose an estimated 8.6% of their value after a cyber breach.
Source: Comparitech, How Data Breaches Affect Stock Market Share Prices
-
76%
76% of boards of directors discuss cyber security at every meeting.
Source: Harvard Business Review, Is Your Board Prepared for New Cybersecurity Regulations?
-
68%
Average cyber insurance rates increased 68% year-over-year in Q2-2022.
Source: Aon, E&O and Cyber Market Review - Midyear 2022
How Aon Can Help
Each Assessment starts with a cyber quotient (CyQu) assessment — an eSubmission platform that eliminates the paper insurance application and helps to assess an organization’s cyber maturity from an insurability perspective. From there, using widely accepted frameworks like NIST CSF, CISA and ISO, the Aon team will conduct a comprehensive technical review of people, processes, technology and the ecosystem of third parties. Each Assessment is tailored to fit the organization's goals and includes a blend of automated tools and scanning, deep-dive reviews of existing policies and processes, interviews with key stakeholders and validation of cyber posture against the critical control areas.
More Cyber Offerings
When analysis and validation efforts are complete, CaSA clients receive a comprehensive package of reports, including:
-
List of Key Findings
A rundown of strengths and a prioritized list of key findings on risks to be mitigated
-
Cyber Maturity Score
A cyber maturity score and benchmarking by industry and sector
-
Technical Appendices
Technical appendices from scans of public-facing IP and URL addresses
-
Cyber Insurance Insights
Experts will give you insights into how underwriters may view each identified control or risk management deficiency
-
Stakeholder Briefing
Briefing for key stakeholders to review findings
-
Web Findings
Deep and dark web findings (optional)
-
Scan Reports
Technical reports from adversary simulation scans (optional)
At the end of the process, clients will receive a detailed reporting package listing key strengths, compensating controls and prioritized areas for improvement so that key stakeholders can better understand how your cyber program aligns with concern areas that insurance markets may focus on.
Aon’s approach will help deliver a comprehensive understanding of how effective your organization’s controls are across the twelve critical security domains. With this approach, our team of cyber professionals helps you highlight the best components of your existing program while at the same time providing a detailed roadmap with actionable recommendations for improvements that may have the biggest impact.
The Aon Team
The Aon team that delivers our assessment service combines deep technical experience and extensive knowledge of underwriting trends in cyber insurance provide you with insights that can help you lower risk and optimize cyber placement. With decades of experience managing cyber risk and responding to critical cyber threats, we help you better quantify and reduce overall cyber risk exposure.
Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates.
The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.
