Product Family


RedSeal,VP Business Development and Elissa Doroff,Product Manager,XL Catlin,Cyber & Technology

Over the last few decades, the way in which companies conduct business has gone through a transformation. Organizations have shifted their business models from brick-and-mortar products and services platforms to innovative, adaptive strategies that capitalize on the constant change brought about by technology. In order to compete, many businesses are redirecting their energies to more flexible, mobile business processes.

Yet such digital transformation comes with a significant exposure. A 2018 IBM-sponsored Ponemon Institute study concluded that the 383 companies surveyed have a 27.9-percent probability of experiencing a material data breach involving ten thousand records over a 24-month period. That’s a 2.2 percent increase of probability over 2017 statistics.

Also, on the increase: the average total cost of a data breach. The same Ponemon study shows that average total cost rose from $3.62 to $3.86 million, a 6.4 percent increase over 2017 figures. The average cost per record has risen from $141 to $148, up 4.8 percent in one year.

Evolving Threats & Coverage Gaps

From phishing scams to ransomware attacks, cyber thieves are finding their way into company systems and exposing sensitive corporate data. Yet as cybersecurity experts work to stay ahead of the threats, thieves are developing new ways to breach systems and profit from security gaps. Thieves are now targeting smart devices, including printers and IP cameras, and trying to compromise cloud-based systems and databases.

Yet what risks does any one company face? Understanding the full extent of a company’s exposure is not always obvious. Likewise, knowing what would constitute a comprehensive cyber liability policy for that particular business can be just as challenging. Most buyers are not aware of their needs or insurance options.

That’s because cyber risk can be a breach, a loss, or nearly any other form of disruption or damage to a company’s systems or data. In order for a cyber liability policy to be effective, a company must identify its vulnerabilities.


Network modeling and risk scoring allows companies to create an all-inclusive network model that encompasses both physical and digital company assets, including public and private cloud environments.

A Model for Network Risks

Fortunately, companies are now able to get a more targeted view of risks through network modeling and risk scoring. Objective measurement of network resilience, such as that which XL Catlin clients can access via a collaboration with network modeling and risk scoring platform provider RedSeal, can give companies a full-scale view of their cyber risks over time and serve as a roadmap for companies to improve their cybersecurity measures.

Network modeling and risk scoring allows companies to create an all-inclusive network model that encompasses both physical and digital company assets, including public and private cloud environments. That helps companies identify:

  • Device and third-party software weaknesses and their impact on the network: a business can see device vulnerabilities and access paths across the enterprise, which can help improve incident response plans.
  • Ease of accessibility of a company’s valuable assets to hackers: a business can identify misconfigurations, audit compliance issues, and adjust access controls, further improving security.
  • How well the company’s network, connections, and devices are understood: by finding and repairing misconfigurations and vulnerabilities, companies can improve network access decisions, assess attack routes, and ensure compliance quickly.

Another bonus: companies are able to create a continuous improvement process within their cybersecurity initiatives, further improving their resilience and awareness of their cyber exposures.

Also, by using risk scoring and modeling, companies can improve their insurance costs and coverage. A low risk score can give underwriters more in-depth information for risk evaluation and can help them better evaluate a company’s risks over time. Such data can help underwriters determine the most appropriate policy terms and pricing.

For insurers, such comprehensive data can also provide:

  • Better evaluation of internal and external threats
  • Monetized metrics to better score risks
  • Objective standards for coverage qualification
  • Insight into network resilience and resistance, survival and recovery capability

The Smart Approach to Cyber Threats

As cyber risks evolve, so should the approach companies take to understand their risks. By working together, consumers and providers can manage cyber risk by developing a data-driven picture of each company’s unique risks. By understanding the entire cyber risk exposure, companies can reduce their financial losses and increase their cybersecurity, all while making their networks more resilient. The result: a more competitive, flexible approach to business without all the risks.

About the Authors

Steve Timmerman is VP Business Development at RedSeal, which helps customers understand their network from the inside out – providing actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and improve their resilience.  He can be reached at Elissa Doroff is product manager for XL Catlin’s Cyber & Technology insurance business.  She can be reached at

To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.