Carrier-Aligned Security Assessment (CaSA)

Carrier-Aligned Security Assessment

Learn how your organization can benefit from our carrier-aligned security assessment services.

What is a Carrier-Aligned Security Assessment?

As cyber threats have become more frequent, the ranks of cyber stakeholders have swelled. We have seen cyber security is now discussed regularly by the Board of Directors, the CEO, the CFO and risk and compliance leaders. Organizations report keen interest in the impact potential cyber losses have on profitability — and share prices. Similarly, insurance carriers and even regulatory bodies with an eye on reducing the financial impact of a cyber-related event are placing increased scrutiny on an organization's technical controls.

The Carrier-aligned Security Assessment (the Assessment) is one of Aon's most comprehensive security assessments, providing organizations with a comprehensive understanding of how potential exposures in critical security domains can affect insurability. We also draw a roadmap for strengthening technical controls that may be scrutinized as part of the underwriting process. The Aon team combines deep technical experience, extensive knowledge of underwriting trends in cyber insurance and widely accepted cyber security frameworks to provide organizations with insights that help them make strides toward lowering risk and potentially optimizing cyber placement.

Carrier-Aligned Security Assessment: The Why and When

Explore the research and data points below to learn more about why conducting a Carrier-aligned Security Assessment is an important value-add for organizations at a time of rising cyber security risk:

  • 8.6%

    Public companies lose an estimated 8.6% of their value after a cyber breach.

    Source: Comparitech, How Data Breaches Affect Stock Market Share Prices 

  • 76%

    76% of boards of directors discuss cyber security at every meeting.

    Source: Harvard Business Review, Is Your Board Prepared for New Cybersecurity Regulations? 

  • 68%

    Average cyber insurance rates increased 68% year-over-year in Q2-2022.

    Source: Aon, E&O and Cyber Market Review - Midyear 2022

How Aon Can Help

Each Assessment starts with a cyber quotient (CyQu) assessment — an eSubmission platform that eliminates the paper insurance application and helps to assess an organization’s cyber maturity from an insurability perspective. From there, using widely accepted frameworks like NIST CSF, CISA and ISO, the Aon team will conduct a comprehensive technical review of people, processes, technology and the ecosystem of third parties. Each Assessment is tailored to fit the organization's goals and includes a blend of automated tools and scanning, deep-dive reviews of existing policies and processes, interviews with key stakeholders and validation of cyber posture against the critical control areas.

When analysis and validation efforts are complete, CaSA clients receive a comprehensive package of reports, including:

At the end of the process, clients will receive a detailed reporting package listing key strengths, compensating controls and prioritized areas for improvement so that key stakeholders can better understand how your cyber program aligns with concern areas that insurance markets may focus on. 

Aon’s approach will help deliver a comprehensive understanding of how effective your organization’s controls are across the twelve critical security domains.  With this approach, our team of cyber professionals helps you highlight the best components of your existing program while at the same time providing a detailed roadmap with actionable recommendations for improvements that may have the biggest impact.

The Aon Team

The Aon team that delivers our assessment service combines deep technical experience and extensive knowledge of underwriting trends in cyber insurance provide you with insights that can help you lower risk and optimize cyber placement. With decades of experience managing cyber risk and responding to critical cyber threats, we help you better quantify and reduce overall cyber risk exposure.

Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates.

The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.

Let’s Connect

Talk to Our Team

Are you ready to learn how your organization can benefit from our carrier-aligned security assessment services?