ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Lockton Company CyberSecurity Posture

lockton.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

What makes Lockton stand apart is also what makes us better: independence. Our private ownership empowers our 13,100+ Associates doing business in over 140+ countries to focus solely on clients' risk and insurance needs. With expertise that reaches around the globe, we deliver the deep understanding needed to accomplish remarkable results.

Lockton A.I CyberSecurity Scoring

Lockton

Company Details

Linkedin ID:

lockton-companies

Website:

http://www.lockton.com

Employees number:

13,887

Number of followers:

498,501

NAICS:

524

Industry Type:

Insurance

Homepage:

lockton.com

IP Addresses:

0

Company ID:

LOC_1069388

Scan Status:

In-progress

AI scoreLockton Risk Score (AI oriented)

Between 700 and 749

https://images.rankiteo.com/companyimages/lockton-companies.jpeg
Lockton Insurance
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreLockton Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/lockton-companies.jpeg
Lockton Insurance
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Lockton Company CyberSecurity News & History

Past Incidents
1
Attack Types
1
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
Southeast Series of Lockton Companies, LLCBreach25111/2024
LOC531072525
Rankiteo Explanation :
Attack without any consequences

Description: The California Attorney General reported a data breach involving Southeast Series of Lockton Companies, LLC on May 23, 2025. The breach occurred on November 20, 2024, when unauthorized access to a single Lockton computer was detected, potentially exposing personal information of individuals. The specific details about the number of affected individuals and types of data compromised are unknown.

Southeast Series of Lockton Companies, LLC
Breach
Severity: 25
Impact: 1
Seen: 11/2024
Blog:
LOC531072525
Rankiteo Explanation
Attack without any consequences

Description: The California Attorney General reported a data breach involving Southeast Series of Lockton Companies, LLC on May 23, 2025. The breach occurred on November 20, 2024, when unauthorized access to a single Lockton computer was detected, potentially exposing personal information of individuals. The specific details about the number of affected individuals and types of data compromised are unknown.

Ailogo

Lockton Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for Lockton

Incidents vs Insurance Industry Average (This Year)

No incidents recorded for Lockton in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Lockton in 2025.

Incident Types Lockton vs Insurance Industry Avg (This Year)

No incidents recorded for Lockton in 2025.

Incident History — Lockton (X = Date, Y = Severity)

Lockton cyber incidents detection timeline including parent company and subsidiaries

Lockton Company Subsidiaries

SubsidiaryImage

What makes Lockton stand apart is also what makes us better: independence. Our private ownership empowers our 13,100+ Associates doing business in over 140+ countries to focus solely on clients' risk and insurance needs. With expertise that reaches around the globe, we deliver the deep understanding needed to accomplish remarkable results.

similarCompanies

Lockton Similar Companies

China Pacific Insurance Company
cpic.com.cn

China Pacific Life Insurance Co., Ltd (CPIC Life in short) was formed on the basis of life insurance business of China Pacific Insurance Co., Ltd., which was founded on May 13th 1991, and is held by CPIC Group. The company was incorporated in November 11, 2001, headquartered in Shanghai and register

Security Report Compare

AIA Group Limited and its subsidiaries (collectively “AIA” or the “Group”) comprise the largest independent publicly listed pan-Asian life insurance group. It has a presence in 18 markets – wholly-owned branches and subsidiaries in Mainland China, Hong Kong SAR(1), Thailand, Singapore, Malaysia, Aus

Security Report Compare
Bajaj Allianz Life Insurance
bajajallianzlife.com

Bajaj Allianz Life Insurance, one of the fastest-growing life insurers, is a joint venture between Bajaj Finserv Limited, one of the most diversified financial institutions in India, and Allianz SE, a leading global financial services provider with a presence in 70+ countries. Our remarkable journe

Security Report Compare

Bankers Life® focuses on the insurance and investment needs of middle-income Americans who are near or in retirement. The Bankers Life brand is part of CNO Financial Group, Inc. (NYSE: CNO), whose companies provide insurance and wealth management solutions that help protect the health and retirement

Security Report Compare
Star Health and Allied Insurance Co. Ltd
starhealth.in

Star Health & Allied Insurance Co. Ltd. is an Indian health insurance company headquartered in Chennai. They began their operations in 2006 as India's first standalone Health Insurance provider. They offer innovative products in the health, personal accident and overseas & domestic travel insurance.

Security Report Compare
Bajaj General Insurance
bajajgeneralinsurance.com

Bajaj General Insurance Limited (formerly known as Bajaj Allianz General Insurance Company Limited) is one of India’s leading, most trusted and dynamic private general insurance companies. It is a subsidiary of Bajaj Finserv Limited, India’s leading and most diversified financial services group. Ba

Security Report Compare
State Life Insurance Pakistan
facebook.com

The Life Insurance Business in Pakistan was nationalized in March 1972. Initially, the Life Insurance business of 32 Insurance Companies was merged and placed under three Beema Units named “A”, “B” and “C” Beema Units. However, later these Beema Units were merged, and effective November 1, 1972, the

Security Report Compare
HDFC ERGO General Insurance
hdfcergo.com

HDFC ERGO General Insurance Company Limited was promoted by erstwhile Housing Development Finance Corporation Ltd. (HDFC), India’s premier Housing Finance Institution and ERGO International AG, the primary insurance entity of Munich Re Group. Consequent to the implementation of the Scheme of Amalgam

Security Report Compare
Axis Max Life Insurance Limited
axismaxlife.com

Axis Max Life Insurance Limited (earlier known as Max Life Insurance Company Limited) is a Joint Venture between Max Financial Services Limited and Axis Bank Limited. Max Financial Services Ltd. is a part of the Max Group, an Indian multi-business corporation. Axis Max Life Insurance Limited has an

Security Report Compare
newsone

Lockton CyberSecurity News

November 02, 2025 07:00 AM
As technology outages become the new normal, staying operational means staying vigilant

From cloud outages to cybersecurity failures, the digital backbone of modern business is under constant strain.

Read Article
October 30, 2025 09:37 AM
From Awareness to Action: Strengthening Cyber Resilience for Your Organizations

While Cybersecurity Awareness Month (opens a new window) may be behind us, its message remains strong and relevant. As cyberattacks continue...

Read Article
September 07, 2025 07:00 AM
How D&O insurance coverage can help protect against cyber related liability

The consistent evolution in the risk, breadth, and nature of cyber-attacks has solidified cyber risks as a key topic in many boardrooms.

Read Article
September 07, 2025 07:00 AM
New Lockton Re Cyber Report: Cyber Insurance 2030 – Charting a Course for Growth

The cyber market is anticipated to more than double by 2030. Even conservative estimates suggest significant continued growth,...

Read Article
August 19, 2025 07:00 AM
Cyber Market Update: Q2 2025

During the first half of 2025, the UK cyber insurance market has remained positive for clients. In the past quarter, premiums across our...

Read Article
August 14, 2025 07:00 AM
2025 Cyber Claims Update

The already challenging and complex cyber risk landscape that businesses face has only become more difficult and multifaceted over the last...

Read Article
August 10, 2025 07:00 AM
Cybersecurity at sea: What the Coast Guard’s new rule means for U.S. vessel operators

The U.S. Coast Guard's new cybersecurity rule is a pivotal shift in maritime risk management. Read the article and learn why you should take...

Read Article
July 25, 2025 07:00 AM
Lockton issues ransomware response guide for Australian organisations

Lockton has introduced a new decision-making guide and incident response framework aimed at supporting Australian organisations in managing...

Read Article
June 30, 2025 07:00 AM
Lockton flags rising ransomware risks for Australian businesses

Lockton has issued new guidance for Australian businesses navigating ransomware incidents, urging a methodical evaluation of payment options, legal risks, and...

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Lockton CyberSecurity History Information

Official Website of Lockton

The official website of Lockton is http://www.lockton.com.

Lockton’s AI-Generated Cybersecurity Score

According to Rankiteo, Lockton’s AI-generated cybersecurity score is 744, reflecting their Moderate security posture.

How many security badges does Lockton’ have ?

According to Rankiteo, Lockton currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Lockton have SOC 2 Type 1 certification ?

According to Rankiteo, Lockton is not certified under SOC 2 Type 1.

Does Lockton have SOC 2 Type 2 certification ?

According to Rankiteo, Lockton does not hold a SOC 2 Type 2 certification.

Does Lockton comply with GDPR ?

According to Rankiteo, Lockton is not listed as GDPR compliant.

Does Lockton have PCI DSS certification ?

According to Rankiteo, Lockton does not currently maintain PCI DSS compliance.

Does Lockton comply with HIPAA ?

According to Rankiteo, Lockton is not compliant with HIPAA regulations.

Does Lockton have ISO 27001 certification ?

According to Rankiteo,Lockton is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Lockton

Lockton operates primarily in the Insurance industry.

Number of Employees at Lockton

Lockton employs approximately 13,887 people worldwide.

Subsidiaries Owned by Lockton

Lockton presently has no subsidiaries across any sectors.

Lockton’s LinkedIn Followers

Lockton’s official LinkedIn profile has approximately 498,501 followers.

NAICS Classification of Lockton

Lockton is classified under the NAICS code 524, which corresponds to Insurance Carriers and Related Activities.

Lockton’s Presence on Crunchbase

No, Lockton does not have a profile on Crunchbase.

Lockton’s Presence on LinkedIn

Yes, Lockton maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/lockton-companies.

Cybersecurity Incidents Involving Lockton

As of December 11, 2025, Rankiteo reports that Lockton has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

Lockton has an estimated 15,015 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Lockton ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

measurementExposure impactImpact

Title: Data Breach at Southeast Series of Lockton Companies, LLC

Description: The California Attorney General reported a data breach involving Southeast Series of Lockton Companies, LLC on May 23, 2025. The breach occurred on November 20, 2024, when unauthorized access to a single Lockton computer was detected, potentially exposing personal information of individuals, although specific details about the number of affected individuals and types of data compromised are unknown.

Date Detected: 2024-11-20

Date Publicly Disclosed: 2025-05-23

Type: Data Breach

Attack Vector: Unauthorized Access

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach LOC531072525

Systems Affected: Single Lockton computer

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information.

Which entities were affected by each incident ?

Incident : Data Breach LOC531072525

Entity Name: Southeast Series of Lockton Companies, LLC

Entity Type: Company

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach LOC531072525

Type of Data Compromised: Personal Information

References

Where can I find more information about each incident ?

Incident : Data Breach LOC531072525

Source: California Attorney General

Date Accessed: 2025-05-23

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Attorney GeneralDate Accessed: 2025-05-23.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-11-20.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-05-23.

Impact of the Incidents

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is California Attorney General.

cve

Latest Global CVEs (Not Company-Specific)

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
References
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
References
Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
References
Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=lockton-companies' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge