Breach Assistance
Support
Carrier-Aligned Security Assessment (CaSA)
What is a Carrier-Aligned Security Assessment?
As cyber threats have become more frequent, the ranks of cyber stakeholders have swelled. We have seen cyber security is now discussed regularly by the Board of Directors, the CEO, the CFO and risk and compliance leaders. Organizations report keen interest in the impact potential cyber losses have on profitability — and share prices. Similarly, insurance carriers and even regulatory bodies with an eye on reducing the financial impact of a cyber-related event are placing increased scrutiny on an organization's technical controls.
The carrier-aligned security assessment (CaSA) is one of Aon's most comprehensive security assessments, providing organizations with a comprehensive understanding of how potential exposures in critical security domains can affect insurability. We also draw a roadmap for strengthening technical controls that may be scrutinized as part of the underwriting process. The Aon team combines deep technical experience, extensive knowledge of underwriting trends in cyber insurance and widely accepted cyber security frameworks to provide organizations with insights that help them make strides toward lowering risk and potentially optimizing cyber placement.
Carrier-Aligned Security Assessment (CaSA): The Why and When
Explore the research and data points below to learn more about why conducting a carrier-aligned security assessment is an important value-add for organizations at a time of rising cyber security risk:
-
8.6%
Public companies lose an estimated 8.6% of their value after a cyber breach.
Source: Comparitech, How Data Breaches Affect Stock Market Share Prices
-
76%
76% of boards of directors discuss cyber security at every meeting.
Source: Harvard Business Review, Is Your Board Prepared for New Cybersecurity Regulations?
-
68%
Average cyber insurance rates increased 68% year-over-year in Q2-2022.
Source: Aon, E&O and Cyber Market Review - Midyear 2022
How Aon Can Help
Each CaSA starts with a cyber quotient (CyQu) assessment — an eSubmission platform that eliminates the paper insurance application and helps to assess an organization’s cyber maturity from an insurability perspective. From there, using widely accepted frameworks like NIST CSF, CISA and ISO, the Aon team will conduct a comprehensive technical review of people, processes, technology and the ecosystem of third parties. Each CaSA is tailored to fit the organization's goals and includes a blend of automated tools and scanning, deep-dive reviews of existing policies and processes, interviews with key stakeholders and validation of cyber posture against the critical control areas.
More Cyber Offerings
When analysis and validation efforts are complete, CaSA clients receive a comprehensive package of reports, including:
-
List of Key Findings
A rundown of strengths and a prioritized list of key findings on risks to be mitigated
-
Cyber Maturity Score
A cyber maturity score and benchmarking by industry and sector
-
Technical Appendices
Technical appendices from scans of public-facing IP and URL addresses
-
Cyber Insurance Insights
Experts will give you insights into how underwriters may view each identified control or risk management deficiency
-
Stakeholder Briefing
Briefing for key stakeholders to review findings
-
Web Findings
Deep and dark web findings (optional)
-
Scan Reports
Technical reports from adversary simulation scans (optional)
At the end of the process, clients will receive a detailed reporting package listing key strengths, compensating controls and prioritized areas for improvement so that key stakeholders can better understand how to tell their cyber security story. With this approach, our team of cyber professionals helps you highlight the best components of your existing program while at the same time providing a detailed roadmap with actionable recommendations for improvements that may have the biggest impact.
The Aon Team
Our CaSA services are delivered by a global team of highly qualified professionals with decades of experience across all areas of cyber security, as well as disciplines like law enforcement, accounting, law, risk management, business resilience, disaster recovery, crisis management, insurance and more.
Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates.
The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.
