From the risks of 5G and COVID-related phishing scams, to targeted attacks on public bodies across North America, cyber risk is becoming an ever-present threat to all organizations.
That’s why Aon has announced that it will be releasing a platform to help companies enhance their cyber risk posture, called Aon’s Cyber Awareness Training. The platform will focus on educating employees about common cyber risks and how to incorporate best practices into their everyday operations – an important focus given that cybercriminals tend to take advantage of employee errors to infiltrate organizations. In fact, the training couldn’t have come at a better time, as organizations face a tidal wave of risks.
“Before the pandemic hit, we were starting to see ransomware attacks become more complicated, more intricate, and happen more often,” said Katharine Hall (pictured), SVP of Aon’s national cyber practice and its Professional Services Group broking leader. “There were trends like double extortion, where they would get your information and they would seize your system, so it just became more and more difficult to combat – and then you add COVID on top of that.”
Now, individuals are working from home, typically with less network security, and are seeing suspicious COVID emails about government funding and vaccines that make clicking on unreliable links more enticing. The crisis has also given bad actors new tools to exploit people who are at home, and are already stressed and distracted.
“There is a successful ransomware attack every 14 seconds,” said Hall, quoting research by Cybersecurity Ventures. “It’s a little bit like shooting fish in a barrel, [especially] at the beginning of COVID, [and] the conversation now in cyber is all about ransomware attacks, social engineering, and how do you protect yourself.”
Moreover, underwriters are becoming more interested in how companies are protecting themselves from cyber risks, marking a broader shift towards preventative strategies that’s taking place across the insurance industry. That’s where Aon’s new platform really comes in handy – it’s all about enlisting employees to help defend their companies and training them about what to watch for.
“This particular tool is incredibly helpful because it was developed by people that were coming in after the attacks. Based on what they’ve seen, they’ve reverse-engineered the attacks and figured out what the trends are and what people are likely to click on,” explained Hall.
The training is also more interesting than other options, as it’s been gamified to hold the attention of trainees, taking them through tests and games where they can score points. Meanwhile, from a management perspective, leaders can use the system to check on employees and make sure they’re moving through the information.
The Aon program fits neatly into the broader cyber expertise and services that the broking giant offers insureds today. Hall pointed to Aon’s range of offerings that focus on insurance and risk transfer, but also on helping clients and prospects look at their exposures and manage them. Notably, over the last few years, Aon has built out an active cyber consulting team globally, and recently acquired Cytelligence, a Canadian-based cyber security firm with technical expertise in incident response and digital forensics services.
“That true forensic incident response experience informs how we talk to our clients about making their experience better – not just about getting them an insurance product, but helping them manage their business risk, so that they can continue to manage their business,” said Hall.
Brokers who operate in the Canadian cyber insurance space would do well to follow in Aon’s footsteps, by understanding clearly what their clients’ exposures are and finding the right partners in the marketplace to work with, as well as staying on top of the constant cyber developments.
After all, said Hall, “The coverages are changing, the exposure is changing – 18 months ago, we would have tangentially talked about ransomware attacks, but we wouldn’t have talked about it with such focus and attention – so you have to continually understand that the cyber market is changing, and the cyber experience of our insureds is changing.”