
Management Consulting

Aon

Full Credential Description

The case study focuses on the challenges faced by insurers and their clients in managing cyber risks, particularly in the context of ransomware attacks. The study highlights that companies, regardless of size, encounter unique cyber threats that necessitate tailored security controls. Aon Risk Capital conducted an analysis using data from its Experience Benchmark Database and CyQu platform to identify critical security controls, termed "red flags," that impact insurability and claims frequency.

One of the key findings was the significant correlation between the presence of comprehensive security controls and the frequency of ransomware incidents. For both large companies and small to medium-sized enterprises (SME/MM), the absence of essential controls, such as multifactor authentication and phishing education, was linked to higher ransomware attack frequencies. The study revealed that SME/MM companies, particularly those with revenues under $1 billion, experienced a notable decrease in ransomware frequency—40% between the second quarter of 2021 and the same period in 2024—coinciding with a reduction in security red flags, especially in email filtering and incident response planning. In contrast, large companies showed an increase in ransomware claim frequency despite improvements in their security posture, indicating that their vulnerabilities differ significantly from those of smaller firms.

The study suggests that while comprehensive security controls are crucial, they are only one aspect of a broader cyber strategy that must evolve in response to changing threats. Aon’s CyQu assessment tool was instrumental in helping companies identify gaps in their security measures and prioritize improvements, ultimately leading to better cyber resilience and reduced claims frequency.

Overall, the findings underscore the importance of a proactive and comprehensive approach to cybersecurity, where both insurers and commercial buyers can leverage data-driven insights to enhance their risk management strategies and improve insurability outcomes.