To Combat Cyber Risk, Businesses Invest in Resilience
Cyber security is a growing business concern, but many companies still need to improve their cyber resilience in key areas. Aon’s 2023 Cyber Resilience Report explores how global industries are protecting themselves against cyber threats.
Key Takeaways
- Though businesses are spending more on cyber security, many of them still lack the critical IT controls needed to keep systems and data safe.
- The finance and insurance, healthcare and manufacturing industries all made progress in building cyber resilience, but gaps in backup security and other risks remain.
- In addition to applying industry-specific solutions, companies can focus on holistic solutions to reduce cyber-related operational, systemic and reputation risks.
Overview
While companies are increasingly investing in the security of their technology, systems and data, cyber risks continue to proliferate. Cyber-security vulnerabilities can threaten business continuity and cost organizations millions of dollars per incident: the global average cost of a data breach was $4.35 million in 2022. In addition to external dangers such as ransomware and phishing attacks, insider cyber threats are raising the threat level for businesses across sectors. Research shows that while leaders understand the importance of cyber security, many CEOs struggle to make decisions in this area.
What can leaders do to not only build their organizations’ cyber security but also strengthen their cyber resilience? Aon’s 2023 Cyber Resilience Report collected data from more than 2,000 clients to explore how businesses around the world are managing a rise in cyber risks, where organizations are making gains and which actions could help them prepare to face future cyber security challenges.
In Depth
Aon’s Cyber Resilience Report found that businesses overall have increased their cyber-security budgets from 2020 levels, with improvements in data security, application security, remote work, access control and endpoint and systems security. The insurance market could be a driver in the move toward greater cyber health, because cautions from insurers have motivated businesses to implement more stringent cyber security controls. Though certain threats — such as vulnerability to inside attacks, reputation risk relating to a cyber incident and insufficient backup security for critical company data — persist, some industries appear to be making notable progress in improving their stance on cyber.
Finance and Insurance: Improvements and Imperatives in Cyber Security
The finance and insurance sector showed gains in cyber readiness in 2022, with small and midsize companies moving beyond a basic level of cyber maturity. Clients in this industry also indicated that they have increased their cyber security spend from 2021 levels, with 8 percent of their IT budgets devoted to this area last year. The use of multifactor authentication (MFA), a valuable security protection for financial data, also appears to have increased in 2022; in the U.S., deployment of MFA controls rose to 80 percent from 65 percent in 2021.
However, the finance and insurance sectors still face challenges in cyber resilience. With more customers turning to mobile banking and new forms of digital payment, the growing fintech sector is vulnerable to data breaches, malware and ransomware. And ransomware isn’t only a threat to fintech providers: the finance and insurance industry as a whole reported a 38 percent increase in ransomware claims from fourth quarter 2022 to first quarter 2023.
Preparing for ransomware attacks is just one of the actions the finance and insurance sector can take to build cyber resilience. Optimizing cyber insurance, mapping and managing third-party risks, and running a patch management program are also important steps in the journey to stronger cyber security. Finance and insurance businesses in Europe will also need to prioritize meeting the standards of the Digital Operational Resilience Act (DORA) in the next two years.
Cyber Successes and Vulnerabilities in Healthcare
The healthcare industry faces unique cyber-security challenges, complicating the industry’s path to cyber maturity. The need to protect sensitive patient data, an industry-wide IT talent gap, potential liabilities related to regulatory compliance and a move to new technology rooted in the Internet of Things (IoT) are all critical considerations for healthcare companies. In this industry, cyber attacks are not only disruptive and costly — they can also lead to harmful or life-threatening outcomes for patients.
Like the finance and insurance sector, the healthcare industry devoted 8 percent of IT budgets to security in 2022. But the threat of ransomware looms large in healthcare as well: Aon’s Cyber Resilience Report found that while U.S. healthcare companies made notable improvements in protective strategies such as multifactor authentication, U.K. and EMEA healthcare companies lacked 41 percent of critical MFA controls.
To mitigate the risk of ransomware and other cyber threats, the healthcare industry can develop a better understanding of its cyber-security exposures. Building cyber resilience through collaboration with internal enterprise operations emergency centers can also strengthen cyber maturity across a healthcare organization. Improving the relationship between business continuity planning and incident response preparedness can contribute to greater alignment in cyber strategy as well. In Europe, the healthcare industry will also need to follow the new Network and Information Security (NIS2) Directive or face potential fines for noncompliance.
Cyber Resilience in Manufacturing
Manufacturing relies on networks of partners of varying sizes and capabilities, and the interconnectedness of the industry expands the footprint for cyber risk. A severe cyber incident has the potential to disrupt the supply chain, and the many smaller companies in the manufacturing ecosystem may have fewer resources to combat a cyber attack. Vulnerabilities in industrial IoT and the lingering effects of COVID-19-era pressures add to the challenges in building cyber resilience in manufacturing.
The industry is making strides in cyber maturity, however. Outpacing finance and insurance and healthcare, manufacturing companies allocated 8.5 percent of their IT budgets to cyber security in 2022. Though manufacturing still has room to grow in terms of cyber health, U.S. and U.K. manufacturers surpass other sectors in operational technology.
As in other industries, cyber resilience in manufacturing begins with understanding and managing risk. Focusing on response and recovery strategies and segmenting systems — including a separation of IT and operational technology to minimize in-network threats — could help to build a stronger cyber risk profile. Manufacturers in Europe must also turn their attention to regulatory compliance, upholding the standards outlined by the European Union Agency for Cybersecurity; U.S. manufacturers will need to comply with guidelines set by the National Institute of Standards and Technology.
A Path to Better Decisions in Cyber Resilience
To build cyber resilience, business leaders can consider a holistic approach. IT, finance, HR, risk and other departments are all susceptible to cyber attacks, and all departments can benefit from improvements in cyber strategy. The Aon Cyber Resilience Report identifies steps businesses in any industry can take as they progress toward greater cyber maturity:
- Backing up information can help reduce operational risk, and a combination of cloud storage and instituting critical IT controls could mitigate the impact of a ransomware attack.
- Risk modeling, data intelligence and security controls can all help to manage systemic risks that may come from depending on a limited number of tech services or from shared usage of key technologies that jeopardizes cyber security.
- Increasing investment in multifactor authentication can add an important layer of security in manufacturing and other industries, especially across the supply chain.
- Strengthening data security and building cyber awareness could help to combat the risks of phishing attacks and attempts to buy and access data.
- Developing security operations centers could help businesses close a critical gap in cybersecurity — 40 percent of companies surveyed lacked controls in this area.
- Investing in cyber insurance may be able to help minimize financial loss should a cyber incident occur. Insurance can also control the fallout from accompanying reputation risks and better maintain the cyber resilience that is increasingly crucial in an interconnected, digitized world.
Cyber Disclaimer
Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates. The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.