Comparison Overview

Aon

VS

Northwestern Mutual

Aon

122 Leadenhall Street, London, undefined, EC3V 4AN, GB
Last Update: 2025-12-11
View Profile
Between 750 and 799
http://www.aon.com

We exist to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.

NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 75,543
Subsidiaries: 11
12-month incidents
0
Known data breaches
2
Attack type number
3
View Profile

Northwestern Mutual

720 East Wisconsin Avenue, None, Milwaukee, WI, US, 53202-4797
Last Update: 2025-12-09
Between 650 and 699
http://www.northwesternmutual.com

Northwestern Mutual is here for what’s most important—helping families and businesses experience the freedom of financial security for over 160 years. Through our personalized, holistic approach, including both insurance and investments, we’re helping people make the most of life today, and for days to come. Through advisors who stay with you every step of the way, leading insights and technology, and digital-first experiences, we’re here to show our clients a better way to money. In managing $265.0 billion in assets, $28.1 billion in revenues, and more than $1.8 trillion worth of life insurance protection in force, Northwestern Mutual has had the privilege of being there for more than 4.5 million people who rely on us for life, disability income and long-term care insurance, annuities, brokerage and advisory services, trust services, and discretionary portfolio management solutions. The company is trusted with more than $125 billion of client assets as a part of its wealth management company and investment services. We are strong supporters of our financial workforce nationwide as well as our home office professionals in Milwaukee, WI. We’re continuing to grow, and we believe diversity makes us stronger as we help shape the future of financial security. Help us get to know you by applying for open positions here: https://jobs.northwesternmutual.com/ Financial representatives and interns are independent contractors and not employees of Northwestern Mutual. https://www.northwesternmutual.com/social-media-guidelines

NAICS: 52
NAICS Definition: Finance and Insurance
Employees: 37,463
Subsidiaries: 3
12-month incidents
0
Known data breaches
2
Attack type number
2

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/aon.jpeg
Aon
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/northwestern-mutual.jpeg
Northwestern Mutual
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Aon
100%
Compliance Rate
0/4 Standards Verified
Northwestern Mutual
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Aon in 2025.

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Northwestern Mutual in 2025.

Incident History — Aon (X = Date, Y = Severity)

Aon cyber incidents detection timeline including parent company and subsidiaries

Incident History — Northwestern Mutual (X = Date, Y = Severity)

Northwestern Mutual cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/aon.jpeg
Aon
Incidents

Date Detected: 07/2023
Type:Data Leak
Attack Vector: SQL Injection
Blog: Blog

Date Detected: 02/2022
Type:Cyber Attack
Blog: Blog

Date Detected: 12/2020
Type:Breach
Attack Vector: Unauthorized Access
Blog: Blog
https://images.rankiteo.com/companyimages/northwestern-mutual.jpeg
Northwestern Mutual
Incidents

Date Detected: 10/2023
Type:Ransomware
Blog: Blog

Date Detected: 5/2023
Type:Breach
Attack Vector: Hacking
Blog: Blog

Date Detected: 8/2017
Type:Breach
Attack Vector: Computer Scam
Blog: Blog

FAQ

Aon company demonstrates a stronger AI Cybersecurity Score compared to Northwestern Mutual company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Aon company has faced a higher number of disclosed cyber incidents historically compared to Northwestern Mutual company.

In the current year, Northwestern Mutual company and Aon company have not reported any cyber incidents.

Northwestern Mutual company has confirmed experiencing a ransomware attack, while Aon company has not reported such incidents publicly.

Both Northwestern Mutual company and Aon company have disclosed experiencing at least one data breach.

Aon company has reported targeted cyberattacks, while Northwestern Mutual company has not reported such incidents publicly.

Neither Aon company nor Northwestern Mutual company has reported experiencing or disclosing vulnerabilities publicly.

Neither Aon nor Northwestern Mutual holds any compliance certifications.

Neither company holds any compliance certifications.

Aon company has more subsidiaries worldwide compared to Northwestern Mutual company.

Aon company employs more people globally than Northwestern Mutual company, reflecting its scale as a Financial Services.

Neither Aon nor Northwestern Mutual holds SOC 2 Type 1 certification.

Neither Aon nor Northwestern Mutual holds SOC 2 Type 2 certification.

Neither Aon nor Northwestern Mutual holds ISO 27001 certification.

Neither Aon nor Northwestern Mutual holds PCI DSS certification.

Neither Aon nor Northwestern Mutual holds HIPAA certification.

Neither Aon nor Northwestern Mutual holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn't strictly enforced. This issue does not have a fix at the time of publication.

Published
Date
2025-12-11
Updated
Date
2025-12-11
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.

Published
Date
2025-12-11
Updated
Date
2025-12-11
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.

Published
Date
2025-12-11
Updated
Date
2025-12-11
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.

Published
Date
2025-12-11
Updated
Date
2025-12-11
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Description

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.

Published
Date
2025-12-11
Updated
Date
2025-12-11
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References