Cyber Risk: Turning Uncertainty into Opportunity

Top 10 Global Risks

This insight is part 01 of 10 in this Collection.

October 1, 2025 6 mins

Cyber risk tops the global risk agenda in 2025 — and is forecast to retain the number one position through to 2028. As digital threats evolve, organizations should strengthen resilience, quantify exposure and adapt their risk strategy.

Key Takeaways
  1. Cyber risk requires a strategic, board-level response that integrates people, processes and technology to boost resilience.
  2. While AI can pose threats, it is also a powerful tool against those threats; adopting it wisely is crucial.
  3. Quantification and risk transfer are vital to protect organizational value and ensure business continuity.

Why Cyber Risk Demands Board-Level Attention

The digital transformation of business is relentless — and so are the risks. As businesses embrace digitalization and artificial intelligence (AI), the potential for cyber attacks grows exponentially. Cyber risk is not just an IT concern; it’s a whole-enterprise strategic, financial and reputational imperative.

With the global average cost of a data breach reaching a record $4.88 million in 2024,1 the stakes have never been higher. The reality is that what worked yesterday may not be enough tomorrow. Sophisticated hackers, AI-driven threats and interconnected systems mean even well-prepared organizations are challenged to keep pace.

That’s why cyber threats have been ranked as the number one risk facing businesses in our Global Risk Management Survey for the third time in a row.

The scale and complexity of cyber risk today is unlike anything we’ve seen before. Embedding cyber into board-level strategy, investing in quantification and viewing resilience as a competitive differentiator is key.

Brent Rieth
Global Head of Cyber Solutions

The Ever-Evolving Threat Landscape

  • Rushed AI Deployments are Creating Security Gaps: The race to capitalize on economic opportunities from new AI technologies has led many companies to launch generative AI solutions before thoroughly testing or securing them, increasing their digital attack surface.

    Research shows that fewer than a quarter of current generative AI projects are considered secure, exposing organizations to new vulnerabilities.2 AI-powered hiring bots have been known to create significant security flaws, opening up new entry points for hackers.
  • AI-Powered Attacks Drive Surge in Cyber Crime: Attackers are leveraging AI to automate and scale phishing, ransomware and deepfake attacks, making threats faster and harder to detect. Aon research found that a rise in AI-driven deepfake attacks resulted in a 53 percent increase in social-engineering incidents year-over-year, and social engineering and fraud claims increased by 233 percent.3
  • No Industry Is Immune: Recent well-documented breaches targeting retailers, technology providers, healthcare companies and food suppliers underscore that no sector is immune. Ransomware payments are soaring, and even the most sophisticated enterprises are targets.

Losses and preparedness

Despite relatively low numbers of reported losses and high levels of stated preparedness, the threat of a cyber attack or data breach is top of mind for organizations.

  • 14% of respondents suffered a loss from this risk in the 12 months prior to the survey.
  • 89% of respondents stated their organizations had set up a plan to respond to this risk.

Building Cyber Resilience is Essential

  1. Leverage AI for Defense, Not Just Offense
    While AI increases risk, it also strengthens defense. A recent study found that organizations that invest in security AI and automation report average cost savings of $2.22 million per incident.4 AI-driven tools can rapidly identify anomalies, detect threats and empower teams to respond faster — which are essential capabilities as attackers become more sophisticated.
  2. Empower People: Training as a First Line of Defense
    Employees remain a company’s strongest asset and weakest link,5 and a culture of cyber awareness is critical.6 Comprehensive training — especially around AI tools and data handling — reduces human error and builds a culture of vigilance. It’s essential that business leaders champion cyber awareness, ensuring everyone understands their role in protecting the business.
  3. Adopt a Risk-Led Approach
    Risk Mitigation: Organizations should regularly assess and update technology and administrative and physical controls. Incident response plans must be tested and refined as threats evolve. Our research shows that cyber preparedness reduces claim payments by as much as 77 percent in the U.S.,7 highlighting the opportunity globally.
    Quantification: Organizations can use objective analytics to quantify cyber risk, supporting better decision making and more effective risk transfer strategies. This approach enables clearer communication across the business and with external stakeholders. Quantification can materially change the risk strategy, better positioning companies to guard against cyber issues.
    Third-Party Risk: Structured, detailed assessments of vendors and partners are essential. A single weak link can compromise the entire ecosystem. Cyber-risk controls, detailed in Aon’s Global 2025 Cyber Risk Report, help with all aspects of risk, including third-party vulnerabilities.

Why It Matters

Cyber risk is a technical challenge — but it can also be an opportunity for strategic advantage. Organizations that effectively manage, quantify and transfer cyber risk are better positioned to safeguard reputation, protect stakeholder value and seize new opportunities in a digital-first world.

 

 

Cyber attack or data breach remains the number one risk facing organizations today, the same rank it held in the previous two surveys.

1 Cost of a Data Breach Report 2025; The AI Oversight Gap, IBM, 2025, https://www.ibm.com/reports/data-breach.
2 Securing generative AI: What matters now, IBM and AWS, 2024, https://www.ibm.com/thought-leadership/institute-business-value/report/securing-generative-ai.
3 Asia-Pacific’s Commitment to Cyber Security Pays Off, Aon, July 17, 2025, https://www.aon.com/cyber-risk-report/asia-pacifics-commitment-to-cyber-security-pays-off.
4 Cost of a Data Breach, 2025.
5 Jay Bhalodia, Want to scale cyber defenders? Focus on AI-enabled security and organization-wide training, Cyberscoop, June 28, 2024, https://cyberscoop.com/want-to-scale-cyber-defenders-focus-on-ai-enabled-security-and-organization-wide-training/.
6 How to Build a Culture of Cyber Awareness, Aon, October 26, 2023, https://www.aon.com/en/insights/articles/how-to-build-a-culture-of-cyber-awareness.
7 Cyber and E&O Market Conditions Remain Favorable Amid Emerging Global Risks, Aon, April 4, 2025, https://www.aon.com/en/insights/articles/cyber-and-eo-market-conditions-remain-favorable-amid-emerging-global-risks.
