The impact of a major cyber incident is on average a 9% drop in shareholder value — over and above the market — in the year following the event, said Aon recently when releasing its 2023 Cyber Resilience Report.
The report is based on proprietary client data collected from Aon’s Cyber Quotient Evaluation (CyQu), Aon’s Ransomware Supplemental Application and Aon’s Operational Technology Application, Aon noted.
CyQu is a global eSubmission and risk assessment platform that helps organizations better manage cyber risk by providing visibility into cyber exposures and insurability drivers, according to the firm.
“We observe that the C-suite increasingly sees that cyber events have the potential to impact all areas of their business,” said Christian Hoffman, global cyber leader for Aon. “Achieving cyber resilience is a recurring theme in board room discussions and the threat is now being addressed from a holistic risk perspective.”
Highlights: Impact of a major cyber incident
Cyber risk: Five domains – endpoint and systems security, remote work, application security, access control and data security - demonstrated the most improvement on changes to CyQu risk profiles, providing greater insight into an organisation's most significant risks and control effectiveness.
Operational risk: Ransomware events decreased 16% from Q3 2022 to Q4 2022, but data from the cyber and errors and omissions insurance marketplace show an uptick in Q1 2023.
Insider risk: Two in five companies reported a lack of security operations center controls, which highlights the need for improved cyber security measures to prevent against phishing, the most common vector for initial network access.
Systemic risk: Managing systemic risk is a high priority, stemming from the use of technology in an interconnected world. As cyber threats evolve, risk quantification models and scenario planning are being refined to accurately determine an organization's risk profile and inform the extent of cyber insurance coverage required.
In addition, Aon also published key insights by industry as follows.
Finance and insurance: Insurance claims are rising, with a 38 percent increase in ransomware claims from Q4 2022 to Q1 2023.
Healthcare: The overall cyber risk score for healthcare clients improved from 2.6 to 2.8, on a scale of 1 to 4. In 2022, for enterprise and global clients in healthcare, the overall risk profile improved from “basic” to “managed” with more than 80 percent of the companies reporting scores of 2.5 or higher.
Manufacturing: Aon’s CyQu data shows that the overall risk score improved from 2.2 to 2.5 – on a scale of 1 to 4 - in 2022 for mid-market clients in the manufacturing industry; however, 56 percent of the companies reported risk scores lower than 2.5 in 2022. The median percent of IT budget reportedly spent on security also rose globally, with companies reporting 8.5 percent of the IT budget dedicated to security.