Aon PLC
CYBER QUOTIENT EVALUATION (CYQU) TOOL

Aon PLC’s Cyber Quotient Evaluation Tool, or CyQu, which was designed to provide a customized, data-driven understanding of enterprises’ cyber vulnerabilities, is being used by 20 primary insurers that accept it as a submission.

The self-assessment tool, which is a 2019 Innovation Award winner, also serves to “bridge the gap” between those who are building their company’s cyber insurance program and its information security units, said Christian Hoffman, New York-based president of U.S. cyber solutions, retail at the brokerage.

The product is the outcome of several months of development and reflects more than 10 years’ worth of claims and incident response data, he said.

“We had information security constituents coming to risk managers and us as brokers” stating they had filled out an insurance application, “but there was no sort of feedback loop,” said Mr. Hoffman.

CyQu takes the place of an insurance application and provides feedback to firms, which can enhance their cyber programs’ maturity, he said.

The product provides information on eight critical control domains: data security, access control, endpoint and systems, network security, physical security, application security, third party and business resilience.

Applicants receive a report with prioritized recommendations and risk transfer strategies designed to improve their risk posture within 10 days.

It represents “the best of both worlds in that risk managers get to use it in the submission process” and information security personnel get feedback and information that is more robust than what could be obtained in an insurance application, “so they actually get something out of the insurance submission process,” Mr. Hoffman said.

It’s “unique in the industry right now” in being able to provide a scoring output that provides guidance on information security, enabling companies to become “more secure and mature in their information security as well as informing the insurance marketplace on the risks and being able to facilitate the insurance transaction,” said Mr. Hoffman.

Several hundred companies have already used the product, he said.

There are two versions: One for smaller businesses has about 30 questions and takes about 25 minutes to complete, Mr. Hoffman said. The second, for larger companies, has upward of 100 questions and takes an hour to 90 minutes to complete, he said.

Aon will also discuss CyQu with larger firms that “happen to be early in their cyber maturity” and “might not have a significant investment in cyber at this point,” said Mr. Hoffman. “I don’t necessarily want to put specific parameters around it,” he said.

2019 Innovation Awards Home