Latest news with #Ransomware
Cision Canada
5 days ago
- Business
- Cision Canada
Aon's 2025 Global Cyber Risk Report Reveals Reputation Risk Events Can Reduce Shareholder Value by 27 percent
DUBLIN, June 17, 2025 /CNW/ -- Aon plc (NYSE: AON), a leading global professional services firm, today released its 2025 Cyber Risk Report, revealing that cyber events that cause reputation risks can result in an average of 27 percent drop in shareholder value, highlighting the growing financial and reputational stakes of cyber risk. The findings build on Aon's 2023 research, which showed that major cyber incidents led to an average 9 percent decline in shareholder value over the following year. This year's report goes further, analyzing more than 1,400 global cyber events and identifying which types of attacks are most likely to evolve into reputation risk events and which can be the most damaging when they do. "Cyber risk is no longer just a technology issue — it's a boardroom issue," said Brent Rieth, global cyber leader at Aon. "Our latest research underscores the importance of proactive risk mitigation. Organizations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event." Among the report's key findings: Of the 1,414 cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price. Companies affected by these reputation risk events experienced an average shareholder value decline of 27 percent. Malware and Ransomware attacks were the most likely to trigger reputational damage, accounting for 60 percent of all reputation risk events, despite making up only 45 percent of total cyber incidents. Five drivers of value recovery — preparedness, leadership, swift action, communication and change — were identified as critical levers for mitigating reputational fallout. The report also highlights the growing challenge of managing uninsurable risks. While cyber insurance can help transfer some financial exposure, reputation risk remains largely nontransferable, making proactive risk management and crisis response essential. "As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions. Aon is uniquely positioned to support clients through these challenges," added Rieth. Aon's 2025 Cyber Risk Report draws on proprietary data from the firm's Cyber Quotient Evaluation, a patented global e-submission platform that streamlines the cyber insurance intake process and empowers organizations with actionable insights into their cyber exposures and insurability — helping to strengthen both underwriting outcomes and cyber risk management strategies. About Aon Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that protect and grow their businesses.
Reuters
07-05-2025
- Business
- Reuters
US school districts facing extortion attempt after hack, software provider says
DETROIT, May 7 (Reuters) - Hackers have tried to extort "multiple" school districts in the United States using previously stolen data from education software and cloud provider PowerSchool, the company said in a statement on Wednesday. The California-based provider, which serves more than 60 million students globally, disclosed in December 2024 that personal information from its U.S. student information database had been stolen in a cybersecurity incident. The data stolen varied, the company said at the time, opens new tab, but could have included names, contact information, dates of birth, limited medical alert information, and social security numbers. In an update on Wednesday the company said it was "aware that a threat actor has reached out to multiple school district customers in an attempt to extort them," and for the first time acknowledged that the company paid a ransom for an undisclosed amount to the hackers responsible for the breach. The extortion attempts relied on data stolen as part of that incident, the company said. The company made what it called "the difficult decision" to pay the ransom "because we believed it to be in the best interest of our customers and the students and communities we serve." The company believed the hackers would delete the data, the company said, "based on assurances and evidence provided to us." Reuters could not establish whether the same hackers behind the original attack were behind the extortion tries. A person familiar with the extortion attempts told Reuters four school districts had been contacted. It was not clear where those districts are located. PowerSchool did not respond to a request for comment. Bain Capital took PowerSchool private in a deal worth $5.6 billion in June 2024.
