Industry insights

Financial institutions

Under constant watch by regulators and the focus of data privacy laws, financial institutions are seasoned when it comes to navigating cyber risk. However, the shift to remote work means that many organizations are working hard to manage and mitigate unanticipated vulnerabilities.

How do financial institutions stack up?

2.7 (managed)

The average CyQu rating for financial institutions globally is 2.7/4 (managed).

What this means

This rating indicates that cyber security maturity is at a managed level. Risk management practices and technologies are performed and established throughout the majority of the organization. The organization adapts its cyber security practices based on best practices and predictive indicators throughout the majority of the business. Policies, processes, and procedures are defined, implemented as intended, and reviewed. Consistent methods are in place to respond effectively to changes in risk.

Explore the most pertinent cyber risks to financial institutions, map them to key cyber security controls, and determine actions your organization can take to close cyber security gaps.

*Aon's Cyber Quotient Evaluation (CyQu) is a comprehensive cyber risk assessment that evaluates cyber risk across 9 security domains and 35 critical control areas.

Explore four key risk themes, underpinned by proprietary data and expert insights, that are prominent for financial institutions today.

Navigate new exposures:

Rapid digital evolution

The majority (62%) of financial institutions have mature network environments. This means that despite notoriously high volumes of legacy applications, there is robust architecture and strong defence mechanisms against perimeter breaches. There is also strong hygiene around network security, with 60% conducting regular network penetration tests.

Know your partners:

Third-party risk

Almost 2 in 5 financial institutions do not have a robust third-party due diligence process in place. In light of the recent high-profile events in the third-party space, such a process is a critical need for financial institutions.

Concentrate on controls:


Almost half of organizations (45%) scan their attack surface for vulnerabilities, while almost a third (27%) have not implemented two-factor authentication across all remote logins.

Perfect the basics:


A reassuringly high number of organizations automatically encrypt data at rest and in transit. However, 18% have not deployed an adequate data classification scheme. This highlights the challenge data-heavy organizations face in deploying a robust data management approach.
