Cyber and Information Security

As our world becomes increasingly connected, providing a best-in-class cyber security program has never been more important. Our customers expect, and deserve, a safe and secure digital experience.

AIG values our customers’ trust and is dedicated to helping clients proactively protect their data, networks, and IT systems and is committed to helping protect their information from risks, like fraud, unauthorized access, and cyber threats. We recognize the importance of information security in maintaining a resilient business and understand that responding to an evolving threat landscape is critical to effective risk management. Below are some resources intended to help inform you about both AIG’s capabilities and the ways in which you can better protect yourself, your work, and your families.

AIG’s Information Security Approach

AIG recognizes the importance of information security as a key element of maintaining a resilient business. To respond to the evolving threat landscape, AIG has adopted a risk-centric approach to information security. AIG is committed to continually developing and honing our overall security capabilities and putting the security and safety of our data, and our customers’ data, at the forefront of our efforts through:

Intelligence Driven Risk Management

Dedicated professionals monitor information security intelligence, leverage information security tools, and enact processes and procedures designed to secure networks and access points. Threat intelligence plays a crucial role in our strategic business planning – with informed investments in security, our capabilities can align to counter the evolving threat landscape.

Data and Identity Access Management

We use identity and access management controls to help protect AIG’s information and systems through the management of worker access to systems and data. AIG remains focused on secure privileged access and enhanced authentication capabilities.

Proactive Security Practices

Having a proactive, defense-in-depth approach to our security efforts allows us to be more vigilant and adaptive to the evolving threat landscape. This approach helps us improve visibility into the AIG environment by establishing further transparency into cyber threats through maturing security monitoring capabilities and existing toolsets. We also work to enhance security vulnerability remediation by augmenting the security of internet-facing applications and improving overall cloud security.

Security Posture and Assurance

Validation of the AIG security posture is conducted using a multifaceted approach. Assurance is obtained from independent internal and external organizations to assess the effectiveness of our control environment. Issues are prioritized based on AIG’s defined risk criteria and tracked to remediation.

Workforce Training and Awareness

Protecting the safety, including the confidentiality, availability, and integrity of information assets is a priority at AIG. Whether we are working with customer data, employee data, or AIG proprietary information, AIG is committed to delivering ongoing user cybersecurity awareness training designed to help protect our assets and information.

Cybersecurity Awareness Month

Every October, AIG recognizes Cybersecurity Awareness Month as an opportunity to reinforce a strong cybersecurity culture throughout the enterprise by sharing best practices and online safety tips with our employees.

Cybersecurity Awareness Month was created as a collaborative effort between government and industry to ensure the general public has the resources they need to stay safer and more secure online.

AIG partners with the National Cybersecurity Alliance to help promote Cybersecurity Awareness Month tools and resources with our workforce and to help build additional cybersecurity awareness tips and best practices to share with our stakeholders.

AIG’s Cyber & Information Security Resources

AIG frequently shares cyber safety tips and best practices throughout the enterprise in an effort to help build a strong cybersecurity culture. We equip our employees and stakeholders with the cyber safety tools they need to help stay protected from evolving cyber threats, such as Cyber Safety for the Digital Newcomer and many other safety resources.

See our resources

Additional Cybersecurity Resources & Information

The National Cybersecurity Alliance (NCA) is a nonprofit organization that builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts. It empowers users at home, work and school and equips them with the information they need to keep themselves, their organizations, their systems, and their sensitive information more safe and secure online. Along with over 25 other private sector companies, AIG serves as a board member of NCA, helping to build and encourage a culture around good cybersecurity hygiene. Some helpful resources include, but are not limited to:

The National Cybersecurity Alliance’s:

Ransomware 101 tip sheet
Security Tips for K-12 Online Learning
To Click or Not to Click tip sheet
Security Tips for Remote Workers
Visit NCA’s Resource Library for more information on free cybersecurity events, tips, and resources.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), is the United States’ risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future. CISA is also a close partner and collaborator with the NCS, but they also provide many cybersecurity and information security resources and safety tips to the general public, as well as to the public and private sectors. Some of these resources include, but are not limited to:

CISA’s Ransomware Guidance and Resources
CISA’s Ransomware Guide
CISA’s Ransomware Alerts and Tips
CISA’s Avoid Social Engineering and Phishing Attacks article
How to report a cyber incident through CISA or a cyber crime through the FBI.