2021 CYBER SECURITY RISK REPORT
Balancing risk and opportunity through better decisions
Cyber risk runs deep. Is your organization making informed decisions around its cyber budget?
Aon’s 2021 Cyber Security Risk Report helps answer this question.
Now, more than ever, global leaders are finding themselves under increasing pressure.
Revenues are down, budgets are constrained, and the continuous rush to transform has organizations playing catch-up in the cyber security game. All of which means making tougher decisions in increasingly complex environments.
The majority of the cyber threats organizations face today are not new — connected devices, ransomware, and insider risk will be ever-present. But what is new is that COVID-19 ushered in a 360-degree shift in the nature of business, and in turn exponentially intensified cyber risk.
Underpinned by proprietary data and expert insight, this report explores four key risk themes, and helps organizations evaluate their cyber risk maturity to make better enterprise risk decisions.
Evaluate cyber risk across four key themes
Explore the most pertinent cyber risks, and map them to key cyber security controls, to determine actions your organization can take to close cyber security gaps.
Navigate new exposures:
Rapid digital evolution
40%
Only 40% of organizations report having adequate remote work strategies to manage this risk.
Know your partners:
Third-party risk
21%
Just 21% of organizations report having baseline measures in place to oversee critical suppliers and vendors.
Concentrate on controls:
Ransomware
31%
Only 31% of organizations report having adequate business resilience measures in place to deal with ransomware threats.
Perfect the Basics:
Regulation
36%
Less than two in five organizations (36%) report having adequate levels of data security preparedness.
How does your industry stack up?
Aon’s Cyber Quotient Evaluation (CyQu) data tell us that organizations, across multiple industries, are on average performing under baseline, and only maintaining a basic level of cyber readiness.
-
Construction -
Energy, utilities and natural resources -
Financial institutions -
Life sciences -
Manufacturing -
Professional services -
Retail -
Technology, media and telecommunications
Cyber Quotient Evaluation (CyQu)
CyQu is a cyber risk assessment that evaluates cyber risk across 9 security domains and 35 critical control areas.
- Data Classification
- User Awareness and Training
- Data Protection
- Risk Management
- Governance
- Two-Factor Authentication
- Password Configuration
- Access Management
- Endpoint Protection
- Vulnerability Management
- Asset Inventory
- Secure Configuration
- Logging and Monitoring
- Network Environment
- Wireless
- Network Penetration Testing
- Network Capacity
- Physical Access
- Physical Penetration Testing
- Tampering and Alteration
- Environmental
- Training
- Secure Development
- Software Management
- Third Party Contracts
- Due Diligence
- Third Party Inventory
- Business Continuity/DR
- Incident Response
- Backup
- Remote Security Awareness
- Remote Business Continuity
- Device Vulnerability & Monitoring
- Authentication & Identity
- Remote Connectivity
Develop a blueprint to ask the right questions, in order to make better decisions.
Looking through the lens of four key risk themes, organizations can make better decisions to support changing business models, while protecting their people, clients, partners, and balance sheets.