Aon | helping companies combat growing cyber risks

Who are your clients?

“With cyber, there's no industry that isn't impacted or touched by it. So our clients range from small UK-domiciled manufacturing companies through to international aerospace companies, heavy industries and major global pharmaceutical companies and retailers.

The UK London markets, the insurance markets in particular, are seen as real drivers of innovation in the insurance space. And as such, the UK team sees a lot of international risk. So organisations that are looking to build significant cyber insurance programmes and need a lot of assistance to correctly define, articulate, and protect themselves in cyberspace come to the UK and to the London markets in particular.

That’s true even of the US and US risks. Whilst there's a really strong and effective insurance market in the United States, a lot of US organisations will still come to the UK for specific additional technical capability or insurance capacity or advice and guidance on how to make sure that they're set up to do business in the European Union. Even though we're technically not part of the EU anymore, we're still seen as a really important translator of how the US can transact business in the EU effectively and in compliance with regulations and guidance, because we have a finger on the pulse in that respect."

What are the benefits of operating from the UK?

“First and foremost it’s that specific expertise in the cyber insurance business. Ultimately, the insurance market was born and grown in London, and it's continued to maintain that reputation for excellence and for innovation.

From a centre of excellence perspective, London is very much the core hub. So that's where we have a critical mass of our real thought and industry leaders. But we also have colleagues across the whole of the UK to service clients that may have different hubs or different head offices or different needs or specific local requirements or requests.

We are very privileged in the UK to have access to fantastic technical talent. When I look at the make-up of our team, we have a large number of non-UK nationals who have come over and worked for us in the cyber space. So there's a dynamic and diverse talent pool.

From a regulatory standpoint, I think the standard of regulation means that clients are confident that the quality of services is going to be robust and transparent. It's also broadly similar to the European Union and that does make life easier in terms of being able to align to standards and processes and communicate that effectively to our clients. But because we're not bound by all EU regulatory requirements, we're seen as a useful space for US-centric businesses to come for advice and guidance, which I think is important.”

“From a regulatory standpoint, I think the standard of regulation means that people are confident that the quality of services is going to be robust and transparent. It's also broadly similar to the European Union and that does make life easier in terms of being able to align to standards and processes and communicate that effectively with our clients”

How does the UK sit competitively in the area of cyber protection?

“We’ve got a quite mature cyber security market. What I mean by that, is a lot of technical expertise has grown up in the UK space. We've got a really thriving professional services industry and a lot of experience of consulting and interacting with non-UK domiciled organisations. That breadth of experience, in terms of individuals' backgrounds but also in terms of the experience of dealing with different clients from the EU, the Middle East and the US, among others, is quite unique. US businesses tend to be quite US-centric and EU businesses tend to be more regional. I think the UK is quite unique in that we are pretty used to dealing with organisations from all over the globe, and that's resulted in us having some pretty powerful insights in terms of what good looks like and what best practise looks like as well.”

How do you see the market for cyber protection growing in the future?

“The market is going to continue to grow. Cyber risk is not going anywhere. It's becoming larger and, in many ways, more systemic.

I think there's going to be a large focus on automation and leveraging tooling and technology to ramp up advice and insight at scale. I think that there is going to be an increasing acknowledgement that you need to think holistically about your approach to cyber resilience - so not just about preventative controls, but also reactive controls, and frankly, balance sheet protection as well. And I think there's going to be an increased focus on the human component of cyber risk. So how are we supporting individuals within organisations to make good decisions about cyber security? From our perspective, how are we setting ourselves up as an organisation to meet these challenges?

As we become increasingly interconnected and we get new and novel technologies emerging, such as for example, AI, the speed at which that risk can manifest itself is going up. That's only going to increase the demand for cyber security protection services.”