Aon’s 2018 Cybersecurity Predictions

A Shift to Managing Cyber as an Enterprise Risk

Published February 21, 2018

Key takeaways from Aon’s 2018 Cybersecurity Predictions report.

The big idea

Companies’ increasing reliance on technology, regulators’ focus on protecting consumer data, and the value of non-physical assets are causing a convergence of cyber exposures that will require security to be integrated into both business culture and risk management frameworks.

Today’s silo-driven approach to cyber risk management will begin to disintegrate in 2018, in favor of a coordinated, C-suite-driven approach as leading companies begin to view the impact of cyber risk holistically across all functions of the enterprise.

A few bold predictions for 2018

Businesses adopt standalone cyber insurance policies as boards and executives wake up to cyber liability.

  • Insurance industry will develop new cyber policies
  • Restrict “silent” cyber coverage in existing policies
  • Insurers and reinsurers push for better quantification / modeling to understand correlation and aggregations

As the physical and cyber worlds collide, chief risk officers take center stage to manage cyber as an enterprise risk.

  • Role of CRO will be redefined - work with CISOs and executives to understand enterprise risk from cyber
  • Will make CRO one of the CEO’s most valuable assets
  • Provide a meaningful risk story for board and executives, leading to better investment in cybersecurity measures

Criminals look to attack businesses embracing the IoT, in particular targeting a small to mid-sized company providing services to a global organization.

  • We will see an attack on an SMB due to poor IoT security that will impact the network of a large organization, causing exponentially more damage
  • Large organizations will be more diligent in vetting vendor IoT security
  • SMBs will need to improve cybersecurity measures to win work from large companies

Criminals will target transactions that use points as currency, spurring mainstream adoption of bug bounty programs.

  • Bug bounty programs will expand to the wider airline industry, and retail and hospitality sectors, to protect points used as currency
  • Will require external experts to build effective bug bounty programs

