Product Family


Head of the Northeast Region, Cyber & Technology, AXA XL

It starts with a phone call, a click of a link, a request from the CFO, a customer locked out of an account or a vendor complaining about a missing payment.

These attempts are just a few of the many ways in which ransomware, phishing, and other cyber attacks are launched. Seemingly everyday activities are altered to allow thieves entry into a company’s network or access to data and are becoming more prevalent.

Until recently, cyber criminals would lure users to click on a link that would release the ransomware on the system. Today, however, 95% of ransomware is deployed manually by a network intruder, via exploit kit, or via phishing attachments. When installed, it captures the computer system, demanding a ransom in exchange for releasing the computer system back in to the owners control. According to AXA XL cyber breach partner Kivu Consulting, there has a been a sharp increase in particularly bad ransomware strains, ones that fatally corrupt substantial portions of the victim’s data; ones that fail to decrypt properly after payment of a ransom, or is favored by volatile, unskilled attackers who are unable to troubleshoot decryption issues. New strains are always emerging including most recently -- Cr1ptT0r and Ryuk.

Ransomware strains are constantly changing and evolving. That trend is expected to continue. Symantec reports that the number of ransomware variants has increased by 46 percent. One report shows ransomware incidents in the first three quarters of 2018 spiked from under 20 percent to nearly 46 percent.

Creative crooks

Cyber criminals are growing more creative with their attacks. Phishing and ransomware attacks are essentially digital blackmail. When combined, phishing ransomware attacks create some vicious cyber threats.

In the new 2019 State of the Phish report, a report by proofpoint, there was a 65% increase in enterprises compromised by phishing attacks in 2018 compared to 2017, as criminals are always looking for new points of entry. While the report reflected a global average of 66% of end users who know what phishing is, more than half of the respondents (55%) reported that they do not know what ‘smishing’ is and 63% were unfamiliar with ‘vishing.’ Smishing, or SMS phishing, sends a text message to an individual's mobile phone in an attempt to get them to divulge personal information. Conducted by voice email, VoIP (voice over IP), or landline or cellular telephone, vishing attacks trick individuals into revealing critical financial or personal information to unauthorized entities.

Putting a multi-step verification process in place for all requests helps reduce the risk of a breach significantly, as can limiting access of critical data to only key employees.

The price tag of a ransomware attack is on the rise too. New research by Coveware reported that in the fourth quarter of 2018, the average ransom increased by 13% from the previous quarter ($5,973), reaching $6,733. As a cyber insurer, we see numerous ransomware claims with some, more recently, demanding ransoms as high as $1 million. The report also indicated that ransomware incidents last an average of 6.2 days and the average cost related to downtime is around $55,000. That’s a 47% increase in average downtime over Q3 2018, which Coveware indicates is a direct consequence of attacks where backup systems were wiped or encrypted. According to Coveware, 75% of organizations that paid a ransom had their backups compromised.

A wide target

While controlling the ransom demand is impossible, controlling the cybersecurity environment in a company is entirely possible. It starts with knowing where vulnerabilities lie and how to reduce the likelihood of compromise.

While cyber risks are varied and numerous, some of the main areas of vulnerability include:

  • Email. Email is still one of the primary methods hackers use to breach systems – 92 percent of malware is delivered via email. Fake invoices, spoofed email addresses, or links asking for recipients for an electronic signature are all successful methods used by hackers.
  • Software/apps. Hackers are exploiting vulnerabilities in existing software that is on your company’s computers. These “fileless” attacks implement executable code into plugins, programs, even older, unsupported programs. According to the Ponemon 2019 Endpoint Security Survey, respondents predict 62 percent of attacks targeting respondents’ companies in 2019 will be file-based and 38 percent will be fileless attacks. Zero-day attacks are also becoming more prevalent. Zero-day attacks either involve the exploitation of undisclosed vulnerabilities or the use of new malware that security products do not recognize. These attacks exploit a vulnerability before it has been publicly disclosed and a patch has been developed. In 2018, according to Ponemon’s report, the frequency of existing or known attacks is 63 percent. The frequency of new or unknown zero-day attacks however has increased to 37 percent of all attacks
  • Phone requests. A call from the bank about an account issue could be a hacker trying to get account or password information.
  • Accidental disclosure. Another prevalent incident cause for breaches in 2018, was accidental disclosure – the lost laptop or information shared accidentally -- was blamed for 114 breaches of the 1,244 U.S. breaches, according to a new report sponsored by CyberScout in conjunction with the Identity Theft Resource Center. These breaches exposed 22 million records.


As a cyber insurer, we see numerous ransomware claims with some, more recently, demanding ransoms as high as $1 million.

The cybersecurity partnership

As the saying goes, prevention is better than a cure. In other words, taking a proactive approach and taking precautions – such as migrating from systems that are no longer supported, patching where needed, and ensuring that there are valid backups and archives, particularly of business-critical systems – is better than trying to address a mess after something has happened.

Part of that prevention is partnering with an insurer that offers a comprehensive approach to preventing and responding to ransomware demands and cyber threats. Start with a policy that offers broad terms and provides proactive service offerings to help your company prepare for and mitigate these incidents.

Because of our extensive understanding of cybersecurity issues, AXA XL has written a policy that offers comprehensive coverage for today’s emerging threats and many services to help your company prepare for and potentially prevent an incident from occurring. Plus, as part of the premium paid for their cyber insurance policy, our primary cyber & technology insurance clients have access to complimentary proactive cyber breach preparedness services. During their first cyber insurance policy year, our cyber clients can choose one of several proactive services from a number of pre-qualified vendors. We’ve partnered with industry leading computer forensics firms, public relations firms, law firms and data breach notification and call center services.

The menu of available pre-breach services includes consultations and assessments, along with other services, for:

  • Social Engineering and phishing awareness campaigns to prevent information breaches and strengthen the company’s security and compliance posture;
  • Incident readiness to evaluate an organization’s ability to respond to cyber incidents;
  • GDPR readiness assessments to assure organizations are in compliance with new privacy regulations;
  • Incident Planning and Coaching to develop action strategies in the event of a cyber incident;
  • Payment Card Industry (PCI) Compliance training to help merchants and other service providers comply with PCI Data Security Standards and more.

For instance, Kivu offers a suite of protective services including social engineering training and ransomware risk assessment.

Take advantage before the hackers do

While businesses cannot control rising ransoms or constantly monitor their employees, they can control their cybersecurity measures. In an environment of increasing ransomware variants and activity, it’s critical that every company take added steps now to protect their computer systems and protect proprietary information from thieves.

From educating employees on how to handle phishing emails or phone requests to testing these lessons with simulated phishing attacks and regularly accessing endpoint security, there’s a lot that can be done to keep everyone on their toes – aware and better protected from potential cyber thieves.

Taking advantage of the services that aim to reduce a business’ cyber risk and better protect company systems and information – and are often part of your cyber insurance policy offering – is a good place to start. 


Maura Wiese is the Head of the Northeast Region for AXA XL’s cyber & technology insurance team. Contact her at


To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.