Underwriter, Cyber & Technology, AXA XL

143 million people.  Nearly half the US population and the majority of the adult population.  That’s the number of individuals who may have had some very personal information, such as social security numbers, birthdays, addresses, and in some cases, driver's license numbers, exposed in a highly publicized recent data breach.  

Recently, a grocery chain, a major consulting firm, a fast food drive-in restaurant and the Securities and Exchange Commission (SEC) each suffered a breach in some capacity.  A running list of data breaches can be found on The Privacy Rights Clearinghouse website.

The reality is, tomorrow, another company will suffer a breach and join the list.  And then likely another the day after that.  After all, last year alone, there were some 4,149 confirmed breaches which exposed more than 4.2 billion records. Why does this keep happening? What can we be doing to better protect ourselves and our businesses?

Patch Preparedness

One lesson learned in a recent breach is that complacency can create holes in any company’s cyber security efforts.   That’s why technology companies are always on the lookout to pinpoint vulnerabilities in their software and when they find one, develop an appropriate solution to ‘patch’ up the problem.   A patch is a piece of software designed to update a program or its supporting data, to fix or improve it.  This includes fixing security vulnerabilities and other bugs. 

This October marks the 14-year anniversary of Microsoft’s launch of Patch Tuesday.  Patch Tuesday is an unofficial term used to refer to when Microsoft regularly releases security patches for its software products.  Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.

For any company, properly applying software updates and patches is a critical cyber security precaution.   The practice of regularly and consistently patching software, in a timely manner, removes some of the vulnerabilities that cybercriminals target.

Looking for an ‘In’

In order to take advantage of such vulnerabilities, cybercriminals are always looking for an “in,” an open door or opportunity to access a network.  Given the growing number of network-connected devices, they often have an ample choice of ‘endpoints’ to gain access.   Nearly 90% of breaches occur at the endpoint. 

An endpoint is any Internet-capable computer hardware device on a computer network. An endpoint could be a desktop computer, laptop, smart phone, tablet, printer or other specialized hardware such as a Point of Sale (POS) terminal.   Each device creates a potential entry point for security threats.  Endpoint security refers to the software and configuration of an endpoint to limit its exposure and the possibility of it being exploited.

To help our clients develop stronger endpoint security, XL Catlin recently announced a partnership with Clarium (a market-leading provider of end-to-end cyber security solutions) and Palo Alto Networks to provide XL Catlin’s cyber and technology insurance clients with a 90-day trial of a security-as-a-service solution. This solution consists of free access to Traps™, an endpoint protection service, and security operations solutions through Clarium.  Traps™ completely replaces any current, conventional antivirus program a company is running. At the end of the 90-day free trial period, the insured can elect to subscribe to the Clarium and Palo Alto offering at a 50% discount for 2 years. The fee includes enterprise-level endpoint protection, 24/7 monitoring, compliance reporting and threat hunting with industry-leading behavioral analysis programs.

Access to such services is particularly beneficial to small and midsize businesses who recognize they have cyber risks but may not have the resources or full-time need for an entire cybersecurity department. 


Added Security Manpower

Given increased vulnerability to hacking attempts, many companies are scrambling to hire Chief Information Security Officers (CISOs) to manage the cyber risks facing the company, develop strong cyber security programs like patch management and endpoint security protection and, in many cases, educate senior leaders and the Board of Directors about those risks.  The demand for such professionals continues to grow.

Small and medium-sized firms may not have the luxury or budget to hire a dedicated CISO, but their cyber risks are no less significant.  According to FireEye, one of XL Catlin’s breach response partners, over 77% of all cybercrimes target small and midsize enterprises (SMEs).  Yet, according to FireEye, research shows 42% of small and midsize businesses don’t see cybercrime as a risk.

When an attack occurs and information is compromised, a timely and effective response is critical.  Knowing where to go for the right help is equally critical.  That’s why my team at XL Catlin has continued to build alliances with market-leading breach response providers to give our clients access to the most comprehensive cyber response network available in our industry.

Our Network gives our cyber insurance clients more choices and greater flexibility, allowing them to choose expertise that best suits their needs.  The Network includes computer forensics, data breach notification and credit monitoring providers, legal counsel and public relations firms to help our clients navigate sensitive breach situations expeditiously. A 24/7 hotline staffed by XL Catlin's expert cyber claims team directs clients to a wide network of prequalified breach response services, with negotiated rates.

Celebrating Cyber Security Awareness Month

Most agree: organizations that prepare for a cyber event suffer less financial and reputational loss than organizations with no preparation.  While we see almost daily reminders in the news of why cyber security is an imperative for any size company, commemorative months such as National Cyber Security Awareness Month, celebrated each October, provide all of us with an added opportunity to boost our attention to cyber security.  According to the Department of Homeland Security, this commemorative month was designed to engage and educate public and private sector partners through events and initiatives that raise awareness of the importance of cybersecurity and provide the tools and resources needed to stay safe online.  The Department of Homeland Security, the National Cyber Security Alliance, and many others offer a variety of resources to help.

Let’s take the initiative to boost cyber security efforts before cybercriminals take the initiative. 

About the Author

With more than 15 years of IT experience, Sean Donahue is a Cyber & Technology underwriter with XL Catlin.  He can be reached at
