Reinsurance
Explore our offerings
Explore our Mid-Market offerings
Rebia_Bardot Girard

By

Head of Cyber Risk Consulting Services

Cyber resilience is now a defining challenge for global businesses, as industrialised cybercrime, geopolitical tensions, regulatory expansion and rapid technological change converge to reshape risk. As Rebiah Bardot-Girard, AXA XL’s Global Head of Cyber Risk Consulting Services explains, speed of response, governance and system-wide resilience are essential – along with an experienced adviser.

Technology is constantly advancing and at a faster rate than ever before. This is bringing enormous benefits to companies of all types, but it also opens up everyone to cyber risk – we’re all connected.

Over my career, I’ve seen cybercrime become a global, industrialized operation. From teenage hackers in their bedrooms to vast, sophisticated international criminal organizations with defined job roles offering cybercrime-as-a-service, the risks are very real, very present and evolving all the time.

To help our clients build resilience to this changing threat, my colleagues and I are continually looking at how we can improve our own knowledge.

Continuous learning to understand risk

Happily, I love to learn. I have a degree in IT, a Masters in HR, an executive MBA and I’m currently studying for a PhD in Governance of automated decision making in Cybersecurity Systems.

But it isn’t just book-learning that is vital to understanding cyber resilience. My team and I know we must make the time to train ourselves on the very latest technology to understand the risks and opportunities it presents.

Some of my most important learnings have come from my roles protecting businesses from cyber criminals globally, and preserving business continuity at GIE AXA in Paris, where strategy and collaboration are coordinated for the whole of AXA Group. Defining protection strategies has given me important insights into how we can help clients build resilience to cyber risk in their own organisations.

Since approximately 90% of cyber incidents are caused by human error, cyber risk and resilience ultimately hinge on human behavior.

It’s (almost) all about people

Although technology is changing fast, ultimately, it’s still used by people, and cyber risk and resilience are mostly about human behaviour. About 90% of cyber incidents are caused by human error. A vital part of my team’s role is helping our clients to raise awareness up and down their organizations about where vulnerabilities are. We stress the importance of training, and building knowledge, all the time.

My job means I’m always considering the outcomes of the worst-case scenario. During my time at AXA GIE as CSO and Crisis Coordinator, there were several key risk scenarios that we thought about and tested our responses to, and we tested them a lot. A global pandemic was one of them. Despite being one of our least-expected risks, in 2020 the whole world experienced it.

Protecting the whole ecosystem to build cyber resilience

In many ways, the pandemic underlined an important lesson that I’d learned a few years earlier. In 2016, when the River Seine swelled to its highest level for more than 30 years, the city was rapidly flooding. I was part of the team that had to decide whether, and when, to evacuate the AXA GIE building. One of the big considerations was that this wouldn’t affect just one office. The building is part of an ecosystem of more than 20 other AXA entities in Paris.

It was a complex and stressful decision. In the end, we opted not to evacuate and eventually the flood levels subsided. We - and the 20 other entities – were able to continue operating without disruption. These events remind us that to build resilience to risk, the whole ecosystem must have awareness of the situation to be protected effectively. This is particularly true when it comes to cyber risk.

The AI future is now; we all need to be prepared

Every time there’s a new technology, there’s a good guy and a bad guy. AI transforms everyone’s ability to do certain things very well. And it gives bad actors greater scope to commit cybercrime on an industrial scale.

Recently, AI research company Anthropic said it would not be publicly releasing a new model – Mythos – because it would be too dangerous if it fell into the wrong hands.

But we need to remember that AI also gives us tools to combat some of these risks. AI-driven patching, for instance, can massively reduce the time between a vulnerability being discovered and a patch being deployed – and it can minimize the risk of human error in that process too.

When we talk to clients, we reiterate the simple message that the time to work on the cyber security baseline is now. You cannot run a credible business without having a robust cyber defence strategy.

Cyber is fast-moving, creating the potential for huge risk. AI is accelerating the speed of evolution. But if we all play our part in the ecosystem and continue to learn and adapt, we can build greater resilience in all walks of life, in companies large and small. In that objective we have built the four pillars—Prevent, Prepare, Protect, and Prevail—to provide a comprehensive cybersecurity approach, while clients also receive complimentary services such as security assessments, alerts, training, crisis exercises, and expert consulting to increase their cyber maturity.

It may sound like my job is always thinking about the worst that could happen. It’s true there are challenges. It’s exciting and fascinating; there’s always something new to learn. It’s safe to say there’s never a dull moment.

To contact the author of this story, please complete the below form

First Name is required
Last Name is required
Country is required
Invalid email Email is required
 
Invalid Captcha
Subscribe
Subscribe to Fast Fast Forward

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. In this respect, our property loss prevention publications, services, and surveys do not address life safety or third party liability issues. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. The provision of any service does not imply that every possible hazard has been identified at a facility or that no other hazards exist. AXA XL Risk Consulting does not assume, and shall have no liability for the control, correction, continuation or modification of any existing conditions or operations. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any document or other communication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with our services, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.