US 12,169,569 B2
Systems and methods for cybersecurity risk assessment
Anthony R. Belfiore, Jr., Mahwah, NJ (US); Mani Dhesi, London (GB); Adam Peckman, London (GB); and Joseph Martinez, Boonton, NJ (US)
Assigned to Aon Global Operations SE, Singapore Branch, Singapore (SG)
Filed by Aon Global Operations SE, Singapore Branch, Singapore (SG)
Filed on Sep. 13, 2023, as Appl. No. 18/367,862.
Application 18/367,862 is a continuation of application No. 17/206,630, filed on Mar. 19, 2021, granted, now 11,790,090.
Application 17/206,630 is a continuation of application No. 16/539,075, filed on Aug. 13, 2019, granted, now 10,963,572, issued on Mar. 30, 2021.
Application 16/539,075 is a continuation of application No. 15/820,786, filed on Nov. 22, 2017, granted, now 10,387,657, issued on Aug. 20, 2019.
Claims priority of provisional application 62/425,556, filed on Nov. 22, 2016.
Prior Publication US 2024/0220631 A1, Jul. 4, 2024
Int. Cl. G06F 21/57 (2013.01); G06Q 10/0635 (2023.01); H04L 9/40 (2022.01)
CPC G06F 21/577 (2013.01) [G06Q 10/0635 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); G06F 2221/034 (2013.01); G06F 2221/2101 (2013.01)]
20 Claims
 
1. A system for assessing cybersecurity risk for an organization, the system comprising:
at least one non-transitory computer readable medium configured to store a respective plurality of control ratings corresponding to each respective entity of a plurality of entities, wherein
each control rating of the respective plurality of control ratings was calculated based on evaluating a respective entity infrastructure profile of the respective entity; and
one or more processors configured to perform operations comprising
receiving an infrastructure profile comprising identification of a plurality of cybersecurity controls of the organization and a plurality of technology assets of the organization, wherein receiving the infrastructure profile comprises
collecting, through a set of survey questions presented to one or more representatives of the organization via a graphical user interface, at least a portion of the infrastructure profile,
evaluating the infrastructure profile in view of at least three types of cybersecurity threats, wherein the evaluating comprises
for each respective cybersecurity control of the plurality of cybersecurity controls identified in the infrastructure profile, calculating a rating of the respective cybersecurity control in view of a control environment defined by a portion of the infrastructure profile,
accessing, from the at least one non-transitory computer readable medium, a plurality of peer ratings corresponding to a plurality of peer entity infrastructures of at least a portion of the plurality of entities, wherein the plurality of peer ratings comprises, for each peer entity infrastructure of the plurality of peer entity infrastructures, a rating corresponding to each respective cybersecurity control of the plurality of cybersecurity controls,
calculating, from the plurality of peer ratings, a plurality of benchmark ratings comprising a respective benchmark rating corresponding to each respective cybersecurity control of the plurality of cybersecurity controls,
generating, for presentation at a computing device, an infrastructure evaluation, wherein the infrastructure evaluation comprises a graphical comparison of a respective rating of each cybersecurity control of the plurality of cybersecurity control to a corresponding benchmark rating of the plurality of benchmark ratings, and
providing, via a network to the computing device, the infrastructure evaluation for review by at least one representative of the organization.