![On Aon Podcast Hero Image](https://res.aon.com/image/fetch/ar_16:9,c_fill,f_auto,g_auto,h_184,w_327/https://assets.aon.com//-/media/images/aon/insights/podcasts/on-aon-podcast-cover-1920x1080.png)
Podcast 21 mins
On Aon Podcast: Better Being Series Dives into Women’s HealthSimple training courses are no longer enough to build cyber resilience within an organization. To keep up with the increasing frequency, sophistication and severity of cyber attacks, companies should establish a culture of cyber awareness that extends to every level of the organization.
Kate Kuehn, cyber trust leader for Aon’s Cyber Solutions group, shares her ideas on how companies can work to build a culture of cyber awareness.
Kate Kuehn: When it comes to cyber security, employees are a company’s greatest asset and often its weakest link. Organizations should assess not only how they train employees but also how they’re raising awareness of the importance of that training. It’s that maturity of understanding that can make a difference in establishing effective cyber awareness. A good cyber culture helps protect organizations. A poor cyber culture often becomes the Achilles’ heel.
Kate Kuehn: Employers are more reliant on hybrid work environments and technology than they’ve ever been. There used to be one set of rules for the office and one set of rules for travel, and everyone understood those boundaries. Now, we have the home, the office, travel and anywhere else someone might work.
But it’s still important to take the time to underscore basic security principles and best practices. Security is not just bricks and mortar anymore. Security is now primarily about data. We need to make sure people know what they are doing when they are accessing and interacting with data so they know how to keep that data secure.
Kate Kuehn: When working with clients and their executive teams, I frequently encounter a mindset of “hear no evil, see no evil, speak no evil” when it comes to cyber security. Executives often feel like they don’t have to address what they don’t know. That mindset is going to be an increasingly perilous way to address cyber security, not just as cyber attacks become more damaging but also as new regulations are passed. From an executive perspective, cyber security is not a question of “Should I know?” It’s a question of “What should I know?”
It’s key for executives to have a good understanding of what solid cyber maturity looks like and how the organization is maintaining at least a base level of compliance. Whether you’re the CHRO charged with understanding how humans are being impacted by the culture and the data they’re accessing, the CFO examining the financial impact of an operational attack or a leader in any other role, you are responsible for cyber security. That doesn’t mean you have to suddenly become an expert on phishing versus smishing versus whaling, but you have to at least understand the basics to help keep your part of the organization compliant and safe.
Kate Kuehn: It should absolutely take incremental steps. It’s similar to the approach we recommend with the Zero Trust model. You can’t boil the ocean and do Zero Trust everywhere; you have to start small. The same is true with a backup strategy.
We’re seeing a significant rise again in unrecoverable ransomware. That makes backup strategies much more critical, because otherwise you may never get your data back. Given that you can’t back up everything, the executive team should work together to identify and help secure the crown jewels identified as critical for recovery. After that, it’s a question of prioritizing what’s most important. Start with those assets that keep the heartbeat of the organization going and branch out from there.
Kate Kuehn: The problem with cyber security is no matter how much money an organization spends on it, things still might fall through the cracks. Because of that, we recommend that organizations look to start with what is most basic and important and move out from there. One of the first moves is to make sure every executive has gone through a corporate threat assessment. Identify what is being said about key executives on the dark web, what the chatter is about the company or what external geopolitical, geographical or industry-specific threats the company is potentially facing.
Another step is to conduct an adversary simulation. Figure out what would happen if you were attacked in different types of scenarios. Every executive should know their role and what the organization needs them to do in response to the attack. That’s sometimes the hardest thing. Have a process in place that people can trust.
A corporate threat assessment and adversary simulation can help guide an organization on where to focus attention. Once you identify the top two or three critical threats, you can begin to build a road map based on those. Organizations shouldn’t just arbitrarily start building a plan on ransomware or phishing. If they have a better understanding of where to point the arrows, they can design and help execute a more robust cyber security plan.
Read more about the top cyber threats in the 2023 Cyber Resilience Report
General Disclaimer
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Expert Views on Today's Risk Capital and Human Capital Issues
The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Stay in the loop on today's most pressing cyber security matters.
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Explore Aon's latest environmental social and governance (ESG) insights.
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Explore our hand-picked insights for human resources professionals.
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
Article 11 mins
The renewable energy sector is undergoing a sweeping transformation, as it plays a pivotal role in the challenge to achieve global net-zero goals. Attracting, upskilling and retaining talent is critical for sustainability.
Article 12 mins
Contractors in EMEA face an array of risks they must mitigate or transfer while managing the complexities inherent in major construction projects.
Article 20 mins
As more companies seek to reduce their carbon footprint, the renewable energy sector continues to grow, presenting both opportunities and red flags for organizations with renewable energy growth plans.