LevelBlue to acquire Aon's cyber consulting teams in global deal
This transaction will see more than 300 technology professionals join LevelBlue, bolstering its cyber risk and incident response capabilities on a global scale. These teams currently provide services to Fortune 500 companies, 80% of the Am Law 100, and most of the top 20 UK law firms. The acquisition positions LevelBlue as the largest independent pure play Managed Security Services Provider (MSSP) worldwide.
Consulting capabilities
The addition of Aon's Cybersecurity and IP Litigation consulting groups brings specialised expertise in cybersecurity risk management and technology-related intellectual property litigation to LevelBlue's existing operations. These capabilities will now complement LevelBlue's 24/7 managed detection and response services, creating a broader offering that spans pre-emptive protection, digital risk management, and comprehensive incident response. "Cyber resilience is crucial for organisations of all sizes," said Robert McCullen, Chairman and Chief Executive Officer of LevelBlue. "By combining LevelBlue's exceptional cloud-based, AI-driven managed detection and response platform with Stroz Friedberg's proactive cyber consulting and advanced digital forensic and incident response capabilities, we're introducing the industry's most comprehensive unified cybersecurity services platform. This platform will not only strengthen clients' defenses preemptively, but also empower them with deeper insights and faster incident resolution. Together, we're helping organisations stay ahead of emerging threats and recover with greater speed and confidence."
David Yaches, Chief Executive Officer of Cyber Solutions Security Consulting at Aon, commented on the agreement: "We are thrilled to join forces with LevelBlue. Our teams are aligned in mission and values, and this acquisition will allow us to serve clients with an expanded suite of cyber solutions and deeper technical expertise."
Maintaining core services
Aon will continue to provide cyber brokerage services via its Cyber Solutions group, CyQu platform, and Cyber Risk Analyzer, focusing on serving a wide range of client risk and broking needs globally. The company's Cybersecurity consulting segment has been recognised in the 2024 Forrester Wave for Cybersecurity Incident Response Services, particularly for its coverage of adversary simulation, penetration testing, incident response planning, breach response, and digital forensics. "The incredible cybersecurity readiness and response capabilities of Aon's Cybersecurity consulting group, including the esteemed heritage of the Stroz Friedberg legacy, brings highly valued expertise to LevelBlue," said Mike Troiano, LevelBlue Board Member and Head of AT&T Business Products. "We expect this acquisition to significantly enhance the strategic cybersecurity services delivered globally by LevelBlue to AT&T's government and enterprise customers."
LevelBlue and Aon will also establish a strategic collaboration as part of the agreement, allowing both companies to offer combined and complementary services to their respective clients. This partnership is intended to provide holistic cybersecurity support, integrating managed services and consulting expertise to address the evolving cyber threat landscape.
Christian Hoffman, Global Specialty and Financial Products Leader at Aon, added: "Cyber remains a top risk category for our clients. Aon will continue to deliver leading cyber brokerage capabilities through our Cyber Solutions group, CyQu platform and Cyber Risk Analyzer to serve our clients growing cyber broking needs."
The consulting teams from Aon are known for assisting clients with strengthening their operational readiness, protecting digital assets, and reducing the impact of cyber incidents, using a mix of technical know-how and established methodologies. Their track record has made them a choice partner for organisations looking to accelerate recovery in the event of a cyber event.
Market perspective
Christina Richmond, Principal Analyst at Richmond Advisory Group, shared her view on the acquisition: "This is a highly strategic acquisition for the cybersecurity services market. LevelBlue will strengthen its position at the intersection of managed security and cyber consulting services. By acquiring leading cybersecurity and IP litigation consulting capabilities, the combined organisation is now better positioned to proactively enhance organisational resilience. The strategic relationship with Aon bolsters LevelBlue's posture with cyber insurers and adds highly complementary risk analysis and advisory services."
Santander is acting as financial advisor and Kirkland & Ellis as legal advisor to LevelBlue, while Lazard and Latham & Watkins are advising Aon for this transaction. Financial terms have not been disclosed, and the deal remains subject to standard closing conditions.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
04-08-2025
- Techday NZ
AI-driven cyber attacks surge as APAC risk leaders feel unprepared
A new study has found that the majority of risk leaders feel ill-equipped to address the rising rates of artificial intelligence (AI)-driven cyber attacks across the Asia-Pacific (APAC) region. The 2025 Cyber Risk Report by Aon highlights a 29 percent increase in cyber incident frequency in APAC over the past year and a 134 percent rise over the last four years. The report draws attention to the surge in sophisticated threats, including AI-powered deception, social engineering, and deepfake attacks, leading to a 233 percent year-on-year increase in fraud-related cyber insurance claims. Geographical isolation is no longer seen as a protective factor for New Zealand organisations, as cyber threats now originate from a global landscape. Over the last 18 months, local entities have experienced disruptions linked to technology failures overseas, with consequences including business interruption and data loss. The increasing dependency on interconnected digital systems is cited as contributing to this heightened exposure. Systemic disruption The report describes the relationship between technological innovation and risk as a "Faustian pact," emphasising that greater efficiency is matched by increased vulnerability to external events. It notes that 63 percent of suspected nation-state cyber operations worldwide in the past year originated in APAC, often targeting critical infrastructure and key industries. Of the 1,414 global cyber events analysed, 56 incidents attracted significant media attention and led to average shareholder value losses of 27 percent for affected companies. Preparedness and risk management A growing gap has emerged between the adoption of AI tools and preparedness to manage associated risks. Ninety-eight percent of surveyed risk leaders said they do not feel fully prepared to oversee AI risks. Despite 79 percent of organisations using or planning to use AI, only 32 percent have a formal inventory of these tools. This disparity, according to the report, expands the digital attack surface faster than risk management strategies can keep pace. The report states that organisations are improving their response to incidents, with the percentage of entities paying ransoms dropping to 25 percent in 2024, and the median ransom payment at USD $110,890 in the fourth quarter of that year. This trend is seen as a sign of better disaster recovery and incident response planning. Implications for New Zealand Cyber insurance market conditions for New Zealand businesses have shifted, with rates decreasing by roughly seven percent in the first quarter of 2025 following a prolonged period of increases. More organisations are reportedly reviewing whether to take out or expand cyber insurance to meet the scale of emerging risks. "New Zealand businesses are getting more mature in how they approach cyber risk - but the old belief that we're somehow safer because of our isolation no longer holds," said Duncan Morrison, Cyber Practise Leader in New Zealand for Aon. Morrison added, "Disruptions to global software vendors and tech supply chains have already hit local organisations hard. As we adopt more advanced tools like AI and real-time data systems, the interconnectivity that powers progress also increases our exposure." He emphasised that competitive pricing is not the only driver for reviewing cyber insurance needs. "Aon is seeing more New Zealand organisations reassess their cyber insurance needs - not just because pricing is more competitive, but because the risk is now tangible," Morrison said. Morrison noted key indicators of the changing risk landscape, stating, "The rise in AI-driven attacks, the growth in fraud claims and the sharp drop in ransom payments all point to two things: the threat is real, and smart preparation works." Geostrategic drivers According to Adam Peckman, Head of Risk Consulting and Cyber Solutions for APAC and Global Head of Cyber Risk Consulting at Aon, regional tensions are a major factor in the growing cyber risk landscape. Peckman stated, "Nation-state-backed threat actors are increasingly using cyber campaigns for asymmetrical conflict, economic coercion, or corporate espionage. Businesses need the tools to make better, data-driven cyber decisions." Morrison also urged businesses to be proactive: "The good news is that businesses don't have to face these challenges alone. There are practical steps they can take today: from exploring cyber insurance options to using better data analytics for risk assessment and ensuring AI investments are properly protected. The key is to take action now."
Techday NZ
30-07-2025
- Techday NZ
LevelBlue warns cyber incidents jump as social engineering rises
LevelBlue has released its latest Threat Trends Report, revealing significant changes in cyberattack patterns and a marked increase in incident rates during the first half of 2025. Incident rates rise The report, analysing data from January through May 2025, shows that the percentage of LevelBlue customers experiencing cybersecurity incidents surged from 6% in the second half of 2024 to 17% in 2025. This threefold increase highlights escalating risks to organisations across various sectors. The report attributes this sharp rise in part to evolving tactics employed by cybercriminals. While Business Email Compromise (BEC) continues to be the most frequent method for gaining initial access to systems, there has been notable growth in alternative approaches. Non-BEC incidents increased by 214%, indicating that attackers are diversifying their methods to infiltrate networks. Faster breakout times LevelBlue's findings indicate that once attackers penetrate a network, they are moving laterally inside these environments at unprecedented speeds. The average breakout time (the duration between initial access and lateral movement) has now dropped to under 60 minutes, with certain cases recorded at less than 15 minutes. Social engineering surge The report points to a considerable surge in social engineering attacks, with 39% of initial access incidents linked to these techniques. This trend is particularly evident in the prevalence of fake CAPTCHA-based attacks, such as ClickFix campaigns. These campaigns, designed to trick users into providing credentials or executing malware, saw an increase of 1,450% from the second half of 2024 to the first half of 2025. A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception. They're moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door. Once inside, they're deploying remote access trojans and quickly covering their tracks, allowing them to move laterally through networks with alarming speed. This isn't a one-off trend – we fully expect this shift to continue throughout 2026. This detailed assessment comes from Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue, underscoring a consistent and increasing sophistication in attackers' use of deception as part of their strategies. Recommendations for defence In response to these trends, LevelBlue has set out several recommendations for organisations seeking to bolster their cyber defences. These include raising awareness among users about threats posed by fake CAPTCHA attacks and other browser-based vectors, and considering restrictions on PowerShell or command prompt use for non-administrator accounts. The report suggests that firms develop and enforce caller verification protocols, such as multi-factor authentication (MFA), code words or phrases, or the use of identity verification platforms. It also advises mandatory implementation of MFA and digital certificates for VPN access, as well as deployment of jump boxes for remote desktop access from outside organisational networks. Another recommendation is the removal of Quick Assist from all end-user machines unless there is a specific business requirement, alongside following established guidelines to prevent the unauthorised download and execution of remote monitoring and management (RMM) software. The report notes that in help desk-themed attacks, threat actors may leverage other tools if Quick Assist is unavailable. Patch management also features prominently among suggested actions. Organisations are reminded to remain vigilant regarding vulnerabilities and to install updates promptly - especially where proof-of-concept exploits have been publicly released. Working together on cyber threats The LevelBlue Security Operations Centre collaborates closely with LevelBlue Labs researchers to monitor evolving threats and develop effective countermeasures. This teamwork involves sharing intelligence and methodologies as well as joint research projects, with the aim of strengthening defences across client organisations. The LevelBlue Threat Trends Report is intended to provide organisations with clear insight into current cyber threat landscapes and practical steps to reduce exposure to increasing and more sophisticated attacks.
Techday NZ
29-07-2025
- Techday NZ
W&I insurance claims rise for small deals across Pacific region
Aon has released findings from its 2025 Transaction Solutions Global Claims Study, revealing notable trends in the mergers and acquisitions (M&A) insurance market in the Pacific region. The study found that warranty and indemnity (W&I) insurance claims are occurring at a high frequency across Australia and New Zealand, especially for smaller transactions. According to Aon's data, claims were filed on approximately 20 percent of W&I policies in the Pacific. Eighty percent of these claims originated from deals with an enterprise value of less than AUD $500 million (approximately NZD $545 million). This concentration of claims among small-to-mid-market transactions highlights the importance placed on W&I insurance to protect deal value. Many businesses in the region rely on these policies to transfer risk and safeguard their financial interests during acquisitions and mergers. Claims profile The main causes of W&I insurance claims in New Zealand, according to the report, were compliance breaches, tax concerns, and issues related to the adequacy of financial statements. Breaches involving inadequate disclosure, either in relation to general warranties or specific representations, have remained a recurring problem. Due diligence processes, the report suggests, may require further strengthening to prevent these issues from leading to claims. Aon noted that a significant number of claims are reported soon after a deal closes. Nearly 25 percent of claims in the Pacific region occur within six months of completion, and almost 50 percent are made within 12 months. The vast majority - close to 100 percent - of claims are submitted within three years, which reflects the typical term of W&I policy periods. Within the past 12 months, Aon's clients in the Pacific region have received approximately AUD $30 million in paid out M&A insurance claims. The data indicates that nearly 60 percent of claim notices submitted by clients resulted in successful claim payouts. Regional observations Adrienne Booth has recently been appointed as Executive Director, Transaction Solutions, New Zealand at Aon. She noted that the nature of risk management via W&I insurance has become considerably more sophisticated: "We're seeing a more sophisticated approach to risk transfer in the region. Buyers and sellers alike are leveraging W&I insurance not just as a deal enabler, but as a strategic tool to manage post-close risk. The data reinforces that this product is delivering real value when it matters most." Booth, who brings global experience from her previous legal and compliance roles within Aon internationally, has returned to her native New Zealand to oversee the company's transaction solutions offerings there. Her appointment signals an increased focus on expanding these services and supporting M&A activity across New Zealand. Ami Kalmath, Claims Manager, Financial Specialties and Transaction Solutions, Pacific at Aon, emphasised the critical role played by specialist claims support in achieving favourable outcomes for clients: "The Pacific region continues to demonstrate the value of W&I insurance evidenced by the one-in-five frequency of claim notifications and the global figures for claim payouts. Aon's specialist claims team can assist clients to achieve optimal recovery on losses through specialist claims advocacy. Our experience demonstrates that when clients engage early and collaborate closely with their advisors and insurers, claims are resolved more efficiently and with better outcomes." The study's findings align with broader global figures on the frequency and success rate of claim notifications and payouts, according to Aon's analysis of proprietary claims records and insurer surveys. Market outlook Increased deal activity across the Pacific region has also led to a steady rise in the number of claims being notified, reinforcing the pattern of high W&I claim volumes in the small to mid-market segment. According to Aon, disclosure-related breaches remain the most common triggers for claims, alongside compliance and tax matters. The timing and pattern of claims, with the majority reported within a year of deal completion, underline the importance of active monitoring and swift engagement with claims teams. The data also points to the need for continued diligence in pre-transaction processes and ongoing collaboration among all parties involved in the deal lifecycle.
