Winner: AON

In 2017, Aon developed the Aon Cyber Resilience Framework – a comprehensive client roadmap for improving cybersecurity, showcasing Aon’s holistic approach to understanding, minimising, and transferring cyber risk.  

It can be utilised by a risk team to map internal management of cyber exposure and, at each step, Aon has developed and deployed client services that demonstrate its unique value proposition.


Assess: Aon’s proprietary cyber diagnostic tool delivers a high-level benchmarking of cyber exposure. The automated report output provides an overall cyber risk maturity score encompassing overall profile, IT infrastructure and hardware, IT application and so ware, data privacy governance, cyber attacks, systems failures and data breaches. The tool now o ers customised reports that provide meaningful insight into cyber risk vulnerabilities and guidance on governance frameworks that underpin an effective cyber risk resilience strategy.

Test: Aon’s ethical ‘red team’ hackers use sophisticated techniques to compromise networks by emulating the behaviour of attackers, enabling an organisation to test whether it can be infiltrated, whether it can detect infiltration and how infiltration is managed internally. Regulators in Asia increasingly recognize testing of this nature as a high benchmark for establishing cyber resilience.

Improve: True cyber resilience requires a top-down understanding of exposure and appropriate response. To achieve this, Aon conducts crisis simulations with senior leadership to test and rehearse organisational response to a cyber risk scenario. This exercise allows organisations to assess their existing incident response planning and crisis readiness at an enterprise risk level. Aon has deployed these simulations for individual clients, exploring bespoke scenarios with a cross-section of senior leadership. It also performed a simulation at industry events, empowering risk managers to conduct their own crisis dress rehearsals.

Quantify: Aon’s consulting team models the financial impacts of cyber risk events through a frequency, severity and probable maximum loss analysis of relevant cyber risk scenarios, leading to a reasoned recommendation of policy limits and deductibles. This exercise has been deployed in Asia to test the existing limits for a diversified conglomerate and to assess the commercial viability of risk transfer solutions for a major transportation company, among others.

Transfer: Clients are able to access specialist brokers, industry experts and significant global insurance capacity. Aon has placed two of Asia’s largest cyber insurance policies at premiums that were significantly more competitive than comparable global placements. Critically, breadth of cover was a paramount concern and Aon was able to secure industry-leading terms and conditions with global cyber insurers and bespoke amendments and extensions to meet this need.

Respond: Aon’s integration in 2017 of subsidiary Stroz Friedberg, leading international providers of IT forensics services, was a game changer in shaping the breadth and depth of expertise clients will come to demand from their risk advisors. 


“This is one organisations should seriously allocate budget into.”