Throughout 2022, ransomware frequency declined as mitigation efforts appeared to take hold. Then the calendar turned to 2023 and trends changed. The second quarter 2023 saw a 176 percent jump in ransomware attacks over Q2 2022, according to Aon data — a warning sign to businesses that may have let their cyber security guard down.
Aon’s cyber industry professionals believe ransomware frequency will likely return to its regular growth trend line at least through the remainder of 2023.
Year-over-Year Cyber Incident Frequency Change by Quarter
Capability Overview
Cyber Resilience
Article
Escalating Cyber Security Risks Mean Businesses Need to Build Resilience
Article
Managing Cyber Risk through Return on Security Investment
In early 2023, attacks primarily occurred in the following industries:
Cyber resilience remained a top concern for businesses in 2022. Organizations did, though, report an aggregate improvement in critical controls implementation, as insurers required more stringent risk management practices.
Critical controls that limit the probability of a ransomware event are an important part of the underwriting process. As capacity has returned to help soften the cyber market, underwriters continue to operate at a more in-depth, technology-driven and sophisticated level.3
Organizations focused more on cloud backup controls:
Organizations should continue to focus on robust backup solutions. Sixty-eight percent of the companies in Q1 2023 still have no backup location offline, which limits their ability to recover critical data, not just from cyber events but also from outages and failures.
Business resilience also remains a concern. In Q1 2023 63 percent of companies reported that tabletop exercises were not conducted as part of business continuity and resilience planning.
With ransomware growing, special focus should be placed on endpoint system security. In Q1 2023 57 percent of companies lacked segregation of end-of-life software, amplifying vulnerabilities that provide an entry door to threat actors.
These eight tips can help build cyber resilience and mitigate the risk of organizations falling victim to ransomware:
1. Be proactive — Ensure that the incident response (IR) plan/playbook and business continuity plan/disaster recovery have been assessed, reviewed and updated. Most importantly, ensure they are tested through simulated practice across realistic scenarios to help improve resilience.
2. Educate employees on cyber security and phishing awareness — Companies must create a culture where all employees feel responsible for enterprise security. They should encourage individuals to detect and defend against threats, risks and attacks. Phishing is still a leading cause of unauthorized access to corporate networks, serving as the entry point for many ransomware attacks, and through artificial intelligence threat actors are making phishing campaigns look plausible, hooking victims at a higher rate. Training colleagues to not only spot a phishing email, but also report the email to their internal cyber security team, among others, has never been a more critical step in detecting an early-stage attack and reducing exposure.
3. Employ multi-factor or “two-step” authentication — Multifactor authentication across all forms of login and access to email, remote desktops, external-facing or cloud-based systems and networks should be considered as a requirement for everyone. Multi-factor authentication also has the capability to help prevent the exploitation of stolen login credentials.
4. Keep systems patched and updated — Unpatched vulnerabilities can allow attackers to compromise corporate networks. They often identify vulnerable systems with a simple online scan. Attackers engage in this exercise broadly and indiscriminately, looking for exploitable systems on which to unleash ransomware and other cyber attacks.
5. Install and properly configure endpoint detection and response tools — Tools that focus on endpoint detection and response can help decrease the risk of ransomware attacks. They are useful as part of incident investigation and response. Properly configured security tools provide a much greater chance of detecting, alerting and blocking threat actor behavior.
6. Design company networks, systems and backups to reduce the impact of ransomware — Ensure all privileged accounts are strictly controlled. Segment networks to reduce the spread of adversaries or malware. Strong logins and alerts offer better detection and evidence in the event of incident response. Establishing a technical security strategy that is informed by architects that know the latest attacks and adversary trends is important, as is the use of continuous threat intelligence monitoring in open source and on the dark web.
7. Consider risk transfer options — Because ransomware attacks can threaten an organization’s reputation and goodwill, its complete risk can never be fully mitigated or transferred. Regardless, organizations should consider obtaining appropriate cyber insurance coverage by reviewing how it addresses indemnification for financial loss, business interruption, fees and expenses associated with the ransom and incident response. They should also carefully consider service providers, such as the ability to work with incident response providers of choice.
8. Pre-arrange your third-party response team — An effective ransomware response will often include all or some third-party expertise across the disciplines of forensic incident response, legal counsel, crisis communications and ransom negotiation and payment. As time is of the essence during a ransomware attack, it is critical to pre-vet and pre-engage a team of professionals to monitor and be ready to respond to an attack when it happens.
Mitigating the risk of ransomware is a challenge for all businesses, large and small. But with the right risk mitigation and backup strategies in place, organizations and their people will be better prepared and more resilient for whatever comes their way.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Podcast 10 mins
Better Being Series: Discover the ‘Blue Zones’ Where People Live Longer
Podcast 20 mins
Better Being Series: Improving Your Financial Wellbeing
Podcast 17 mins
Better Being Series: Are You Taking Care of Your Digital Wellbeing?
Podcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s Health
Podcast 29 mins
On Aon’s Better Being Series: The World Wellbeing Movement
Podcast 28 mins
On Aon’s Better Being Series: Mental Health and Creating Kinder Cultures
Podcast 25 mins
On Aon’s Better Being Series: Managing Loss and Grief
Podcast 24 mins
On Aon’s Better Being Series: Measuring Wellbeing
Podcast 25 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience
Podcast 23 mins
On Aon’s Better Being Series: Human SustainabilityExpert Views on Today's Risk Capital and Human Capital Issues
Article 2 mins
Introduction: Clarity and Confidence to Make Better Decisions
Article 2 mins
The Age of Rising Resilience – An Economic Outlook
Article 3 mins
Building Resilience Against the Constant Cyber Threat
Article 2 mins
Making Better Decisions – A Treasurer’s Perspective
Article 2 mins
How to Balance the Conflicting Forces of Efficiency, Performance and Wellbeing
Article 3 mins
Seizing the Opportunity: Building a Comprehensive Approach to Risk Transfer
Article 2 mins
Tapping New Markets to Unlock Deal Value
Article 5 mins
The Rise of the Skills-Based Organisation
Article 2 mins
Creating a Fair and Equitable Workforce for Everyone
Article 3 mins
The Year of the Vote: How Geopolitical Volatility Will Impact Businesses
Article 2 mins
The Aon DifferenceThe construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Article 8 mins
How North American Construction Contractors Can Mitigate Emerging Risks
Article 7 mins
Managing Construction Risks: 7 Risk Advisory Steps
Article 7 mins
Unlocking Capacity and Capital in a Challenging Construction Risk Market
Article 7 mins
Protecting North American Contractors from Extreme Heat Risks with Parametric
Article 5 mins
How Climate Modeling Can Mitigate Risks and Improve Resilience in the Construction Industry
Report 1 mins
Construction Risk Management Europe Report 2023
Article 8 mins
Parametric Can Help Mitigate Extreme Heat Risks for Contractors in EMEA
Article 9 mins
How the Construction Industry is Navigating Climate Change
Article 11 mins
Top Risks Facing Construction and Real Estate OrganizationsStay in the loop on today's most pressing cyber security matters.
Cyber Labs 9 mins
Bypassing EDR through Retrosigned Drivers and System Time Manipulation
Cyber Labs 10 mins
DNSForge – Responding with Force
Cyber Labs 7 mins
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules
Cyber Labs 3 mins
Command Injection and Path Traversal in StoneFly Storage Concentrator
Cyber Labs 7 mins
Adopt an AI Approach with Confidence, for CISOs and CIOs
Cyber Labs 3 mins
Responding to the CrowdStrike Outage: Implications for Cyber and Technology Professionals
Cyber Labs 10 mins
DUALITY Part II - Initial Access and Tradecraft Improvements
Cyber Labs 17 mins
Cracking Into Password Requirements
Cyber Labs 57 mins
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control
Cyber Labs 7 mins
Restricted Admin Mode – Circumventing MFA On RDP Logons
Cyber Labs 9 mins
Detecting “Effluence”, An Unauthenticated Confluence Web Shell
Cyber Labs 10 mins
Flash Loan Attacks: A Case StudyOur Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Article 9 mins
Building Resilience in a Buyer-Friendly Cyber and E&O Market
Article 11 mins
A Middle Market Roadmap for Cyber Resilience
Article 8 mins
Lessons Learned from the CrowdStrike Outage: 5 Strategies to Build Cyber Resilience
Article 8 mins
Responding to Cyber Attacks: How Directors and Officers and Cyber Policies Differ
Article 7 mins
Why Now is the Right Time to Customize Cyber and E&O Contracts
Article 6 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks
Article 7 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally
Article 5 mins
Managing Cyber Risk through Return on Security Investment
Article 10 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside
Article 9 mins
Why HR Leaders Must Help Drive Cyber Security Agenda
Article 10 mins
Escalating Cyber Security Risks Mean Businesses Need to Build ResilienceOur Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Article 9 mins
The Next Evolution of Wellbeing is About Performance
Article 6 mins
Three Ways Collective Retirement Plans Support HR Priorities
Article 9 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work
Podcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s Health
Article 7 mins
Making Wellbeing Part of a Company’s DNA
Podcast 24 mins
On Aon’s Better Being Series: Measuring Wellbeing
Podcast 25 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience
Article 7 mins
Why Workforce Wellbeing is Vital to Company Performance
Article 7 mins
COVID-19 has Permanently Changed the Way We Think About WellbeingExplore Aon's latest environmental social and governance (ESG) insights.
Article 8 mins
Why ESG Is Even More Important In A Crisis Like COVID-19
Podcast 16 mins
On Aon Podcast: Approach to DE&I in the WorkplaceOur Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Article 12 mins
Q4 2023: Global Insurance Market Overview
Article 13 mins
Top Risk Trends to Watch in 2024How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Article 12 mins
Top Risks Facing Organizations in Asia Pacific
Article 12 mins
Top Risks Facing Organizations in North America
Article 10 mins
Top Risks Facing Organizations in Europe
Article 8 mins
Top Risks Facing Organizations in Latin America
Article 8 mins
Top Risks Facing Organizations in the Middle East and Africa
Article 9 mins
Top Risks Facing Organizations in the United KingdomOur Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Article 14 mins
How Technology Will Transform Employee Benefits in the Next Five Years
Podcast 18 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits
Article 8 mins
Integrating Workforce Data to Uncover Hidden Insights
Article 9 mins
How Employers Can Use Data to Improve Their Health Plans
Podcast 24 mins
On Aon’s Better Being Series: Measuring Wellbeing
Article 11 mins
Designing Tomorrow: Personalizing EVP, Benefits and Total Rewards
Article 9 mins
How to Balance Cost with Growth in a Shifting Talent Market
Article 8 mins
How Companies are Mitigating Rising Medical Costs
Article 10 mins
How Data and Analytics Can Optimize HR ProgramsExplore our hand-picked insights for human resources professionals.
Article 7 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing
Article 7 mins
DE&I in Benefits Plans: A Global Perspective
Article 10 mins
How Data and Analytics Can Optimize HR Programs
Article 9 mins
Why HR Leaders Must Help Drive Cyber Security Agenda
Article 7 mins
Case Study: The LPGA Unlocks Talent Potential with Data
Article 11 mins
Navigating the New EU Directive on Pay Transparency
Article 4 mins
How to Design Better Talent Assessment to Promote DE&I
Article 6 mins
Training and Transforming Managers for the Future of Work
Article 7 mins
Rethinking Your Total Rewards Programs During Mergers and Acquisitions
Article 14 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across IndustriesOur Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Report 14 mins
A Workforce in Transition Prepares to Meet a Host of Challenges
Article 17 mins
3 Strategies to Improve Career Outcomes for Older Employees
Article 7 mins
Companies Need a Global Benefits Identity in an Era of Cost Containment
Article 8 mins
Driving Inclusion and Diversity with Employee Benefits
Article 17 mins
Five Big Human Resources Trends to Watch in 2024
Article 8 mins
How Companies are Mitigating Rising Medical Costs
Report 1 mins
The Global Medical Trend Rates Report 2025
Podcast 25 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience
Article 9 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work
Article 11 mins
Advancing Women’s Health and Equity Through Benefits and Support
Podcast 18 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits
Article 7 mins
How Collective Retirement Plans Help Support Financial SustainabilityOur Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Article 8 mins
Exit Strategy Value Creation Opportunities Exist as Economic Pressures Persist
Article 5 mins
Future Trends for Financial Sponsors: Secondary Transactions
Article 7 mins
3 Ways to Unlock M&A Value in a Challenging Credit Environment
Article 7 mins
Rethinking Your Total Rewards Programs During Mergers and Acquisitions
Article 9 mins
Organizational Design and Talent Planning are Key to M&A Success
Article 7 mins
An Ever-Complex Global Tax Environment Requires Strong M&A Risk Solutions
Article 6 mins
Project Management for HR: The Secret Behind a Successful M&A Deal
Article 9 mins
Cultural Alignment Planning Drives M&A Success
Report 1 mins
A Guide to Maximizing Value in Post-Merger Integrations
Report 2 mins
The ABC's of Private Equity M&A: Deal Flow Impacts of Al, Big Tech and Climate Change
Article 11 mins
The Silver Lining on M&A Deal Clouds: M&A Insurance Insights from 2023How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Article 10 mins
How Public Entities and Businesses Can Use Parametric for Emergency Funding
Article 6 mins
Parametric Insurance: A Complement to Traditional Property Coverage
Article 8 mins
Using Parametric Insurance to Match Capital to Climate Risk
Article 6 mins
Using Parametric Insurance to Close the Earthquake Protection Gap
Article 5 mins
How Technology Enhancements are Boosting ParametricOur Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Article 10 mins
How Financial Institutions can Prepare for Pay Transparency Legislation
Article 8 mins
Pay Transparency Can Lead to Better Equity Across Benefits
Article 12 mins
Understanding and Preparing for the Rise in Pay Transparency
Podcast 14 mins
On Aon Podcast: Understanding Pay Transparency Regulations
Article 11 mins
Navigating the New EU Directive on Pay Transparency
Article 7 mins
To Disclose Pay or Not? How Companies are Approaching the Pay Transparency Movement
Podcast 19 mins
On Aon Podcast: Better Being Series Dives into Women’s Health
Article 11 mins
Advancing Women’s Health and Equity Through Benefits and Support
Article 8 mins
Driving Inclusion and Diversity with Employee Benefits
Article 7 mins
Belonging at Work: How Employers can Strengthen DE&I
Article 7 mins
DE&I in Benefits Plans: A Global Perspective
Podcast 16 mins
On Aon Podcast: Approach to DE&I in the WorkplaceForecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Article 8 mins
Florida Hurricanes Not Expected to Adversely Affect Property Market
Article 10 mins
Build Resilience for an Extremely Active Atlantic Hurricane Season
Article 6 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market
Podcast 16 mins
On Aon Podcast: Navigating and Preparing for Catastrophes
Article 6 mins
Parametric Insurance: A Complement to Traditional Property Coverage
Article 6 mins
Navigating Climate Risk Using Multiple Models and Data Sets
Article 5 mins
Rising Losses From Severe Convection Storms Mostly Explained by Exposure Growth
Article 6 mins
Using Parametric Insurance to Close the Earthquake Protection GapOur Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Article 15 mins
How Artificial Intelligence is Transforming Human Resources and the Workforce
Report 18 mins
Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats
Alert 3 mins
Better Decisions Brief: Perspectives on the CrowdStrike Outage
Article 12 mins
5 Ways Artificial Intelligence can Boost Claims Management
Article 6 mins
Artificial Intelligence and the Next Frontier for Financial Institutions
Article 10 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside
Article 6 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks
Article 9 mins
Overcoming the Reputational Cost of Cyber Attacks: The 10-Day Plan
Article 9 mins
Why HR Leaders Must Help Drive Cyber Security Agenda
Article 5 mins
How Technology Enhancements are Boosting Parametric
Article 9 mins
How to Futureproof Data and Analytics Capabilities for ReinsurersTrade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Article 7 mins
Cyber Attack or Data Breach
Article 4 mins
Business Interruption
Article 4 mins
Economic Slowdown or Slow Recovery
Article 5 mins
Failure to Attract or Retain Top Talent
Article 5 mins
Regulatory or Legislative Changes
Article 4 mins
Supply Chain or Distribution Failure
Article 6 mins
Commodity Price Risk or Scarcity of Materials
Article 4 mins
Damage to Brand or Reputation
Article 5 mins
Failure to Innovate or Meet Customer Needs
Article 4 mins
Increasing Competition
Report 3 mins
Business Decision Maker SurveyOur Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
Article 8 mins
The Evolving Threat of Cargo Theft: 5 Key Mitigation Strategies
Report 3 mins
Global Risk Management Survey
Report 15 mins
Wide-Ranging Trade Issues Confront Global Businesses on Multiple Fronts
Article 6 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market
Article 14 mins
Cutting Supply Chains: How to Achieve More Reward with Less Risk
Article 9 mins
Driving Private Equity Value Creation Through Credit Solutions
Article 7 mins
4 Steps to Help Take Advantage of a Buyer-Friendly Directors' & Officers' Market
Article 9 mins
Managing Reputational Risks in Global Supply Chains
Article 6 mins
How an Outsourced Chief Investment Officer Can Help Improve Governance and Manage Complexity
Article 8 mins
Decarbonizing Your Business: Finding the Right Insurance and Strategy
Article 8 mins
Reputation Analytics as a Leading Indicator of ESG RiskWith a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Article 8 mins
Florida Hurricanes Not Expected to Adversely Affect Property Market
Report 16 mins
Climate Analytics Unlock Capital to Protect People and Property
Report 3 mins
Climate and Catastrophe Insight
Article 10 mins
How Public Entities and Businesses Can Use Parametric for Emergency Funding
Podcast 12 mins
On Aon Podcast: Tackling Climate Risk to Build Economic Resilience
Article 8 mins
Understanding Freeze Risk in a Changing Climate
Podcast 9 mins
On Aon Podcast: Climate Science Through Academic Collaboration
Article 6 mins
How Companies Are Using Climate Modeling to Improve Risk Decisions
Podcast 7 mins
On Aon Insights: Climate and Supply Chain
Article 8 mins
Using Parametric Insurance to Match Capital to Climate Risk
Article 9 mins
How the Construction Industry is Navigating Climate Change
Article 9 mins
Record Heatwaves: Protecting Employee Health and SafetyOur Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
Article 7 mins
Using Data to Close Workforce Gaps in Financial Institutions
Article 5 mins
Using Data to Close Workforce Gaps in Retail Companies
Article 7 mins
Using Data to Close Workforce Gaps in Technology Companies
Article 5 mins
Using Data to Close Workforce Gaps in Manufacturing Companies
Article 6 mins
Using Data to Close Workforce Gaps in Life Sciences Companies
Report 4 mins
Measure Workforce Resilience for Better Business Outcomes
Podcast 18 mins
On Aon Podcast: Methodology to Predict Employee Performance for the LPGA
Article 6 mins
Training and Transforming Managers for the Future of Work
Article 14 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
Article 8 mins
Hurricanes Helene and Milton insured loss estimates are expected to fall between $34 billion and $54 billion. Healthy, well-capitalized insurance and reinsurance markets are positioned to absorb those losses.
Article 17 mins
Buyer-friendly conditions continued across much of the global insurance market in Q3, painting a largely positive picture as we head into year-end renewals.
Article 10 mins
A successful M&A strategy relies on due diligence across financial, legal, human capital, technology, cyber security and intellectual property risks. As cyber threats become more complex, robust cyber due diligence in private equity and acquisitions is increasingly necessary.
You will soon receive an email to verify your email address. Please click on the link included in this note to complete the subscription process, which also includes providing consent in applicable locations and an opportunity to manage your email preferences.
Article 5 Min Read
Article 10 Min Read
Your request is being reviewed so we can align you to the best resources on our team. In the meantime, we invite you to explore some of our latest insights below.
Article 5 Min Read
Article 10 Min Read