Snapshot

  • A strategic approach to cyber security needs to be circular and iterative, and importantly, informed by data.
  • To achieve sustained resilience and maximise investment in security and risk management, businesses circle through the Cyber Loop entry points — assess, mitigate, transfer, and recover.

Learn more

There is nothing linear about cyber security

According to Aon’s 2021 Cyber Security Risk Report[1], business and information technology leaders are under increasing pressure to optimise return on investment in risk management in an increasingly complex operating context. Insurance providers are also feeling the pressure, as loss frequency and severity outpace cyber rate increase[2], with many providers halving the amount of cyber coverage they offer after a recent surge in ransomware attacks resulted in considerable payouts[3]. There is no doubt that cyber risk has, and will continue, to add more complexity to an already challenging business environment. Many businesses find themselves ill-prepared to manage this risk. Only two in five organisations report being ready to navigate new exposures arising from rapid digital evolution, and more alarming, only 31 percent have adequate measures in place to manage business disruptions from cyber risk[4].

To achieve sustained resilience and maximise investment in security and risk management, a strategic approach to cyber security needs to be circular and iterative, and importantly, informed by data[1].

The Cyber Loop

Aon’s Cyber Loop model acknowledges that each organisation will start its journey from a different place: assess, mitigate, transfer, or recover. Once within the Loop, businesses become informed participants in managing risk, engaged in continuous review, improvement, and investment in security – guided by data.

As an organisation collects data, makes decisions, and acts across each step of the Loop, it strengthens its ability to rapidly detect, respond and recover to emerging cyber risks. Without data-backed insight across the full cyber resilience journey, it is difficult to understand the total cost of cyber risk to an organisation. Quantification methodologies, integrated across the Cyber Loop, enable organisations to validate the cost benefit of risk management strategies — such as security controls and insurance — and effectively measure return on investment.

It is time to become an informed participant in managing risk. Stakeholders across businesses must come together to assess where they sit in the circular cyber resilience journey and harness the value of data to make better decisions.

Learn more

 

References 

[1] Aon. 2021. Balancing risk and opportunity through better decisions. April 2021. Retrieved from https://www.aon.com/2021-cyber-security-risk-report/

[2] Aon, Crawford. (2021). A guide to successfully managing cyber claims: Get prepared, take control, and optimise recovery. White Paper.

[3] Aon. (2022). E&) and Cyber Market Review.

[4] Aon. 2021. Balancing risk and opportunity through better decisions. April 2021. Retrieved from https://www.aon.com/2021-cyber-security-risk-report/

Want to keep up to date with our insights?

Privacy Policy