Product Family


Global Chief Underwriting Officer, Financial Lines

Ransomware attacks are doing more than threatening to expose proprietary information; they’re shutting down operations.

In June 2020, one of the world’s largest auto manufacturers was forced to shut down production for a day. The problem: hackers had planted a computer virus in the automaker’s internal computer networks, which shut down systems and locked employees out of email and servers.

However, the hackers went further; the ransomware infiltrated systems along the production line, including the car inspection system. Production in plants in Japan, Turkey, Brazil, India, and the US were disrupted, some for more than a day. By crippling production, the hackers hoped to force ransom payment.

The tool hackers appear to have used is a software designed to infiltrate control systems in factories, power plants, and other industrial facilities. Such software is not designed to steal data, but rather to infect operational systems, rendering them useless and bringing business to a halt.

To date, much of the focus of cybercrime prevention by companies has been on protecting internal data – trade secrets, employee personal information, payroll, health insurance, internal records. However, manufacturers have operational technology systems (OT). These systems control production equipment, detect changes, monitor operations, and keep production lines running smoothly.

That is, until a breach occurs. Unfortunately, attacks on OT infrastructure are on the rise. One study reveals that 90% of industries across the globe had suffered at least one damaging cyberattack between 2017 and 2019, and nearly two-thirds admitted to being hit at least twice.

These OT attacks are hitting organizations by disrupting:

  • Remote monitoring
  • Equipment sensors
  • Fire safety equipment
  • Scientific equipment
  • Lighting controls and energy monitoring
  • Security systems
  • Transportation systems

Until 2010, attacks like these on the OT infrastructure was the stuff of espionage and government-backed attacks.

Today cyberweapons have become tools for cyber thieves. Because of the ability for widespread shutdown of operations from an OT attack, hackers are seeing the potential for high ransom amounts. The hackers too have evolved. No longer lone actors, sophisticated hacking groups are targeting big business, attacks that can be launched from anywhere in the world.

The threat for industries is exponentially larger. Whereas in the past a breach could shut down systems and compromise data, the OT breach can result in a devastating fire, bodily injury, or environmental damage. The monetary losses alone would far outweigh those associated with the more traditional privacy breach cyberattack.

The OT breach can result in a devastating fire, bodily injury, or environmental damage

Is It Covered?
Since cyberattacks grew in frequency and severity, the insurance market has responded well. Most have focused on the privacy breach event, which is where most of the threats were occurring. In the US there are several markets that write that form of insurance. Cyber insurance is less mature outside the US. Those types of policies have evolved to cover several types of first and third party losses that can arise from a breach.

However, cyber policies typically exclude property damage and bodily injury. Breaches that threaten property via an OT attack are new enough that policy wording has to catch up. There is no single way the cyber peril is addressed in Property, sometimes the forms are silent, sometimes excluding it, and sometimes giving sub-limited affirmative grants. In the US, a general liability policy typically excludes the privacy breach type losses while reserving third party liability coverage for bodily injury or property damage but even that is not entirely clear cut.

At present, global insurers have adopted the practice of making explicit statements regarding whether cyber -related losses are covered or excluded, and to what extent. That gives some clarity to policyholders but does not spell out the intricacies of coverage. For example, property coverage can come with a cyber events exclusion but offers a “write back” for fire or explosion or some other limited perils.

To date, bodily injury and property damage are still not excluded. However, as losses mount or should the reinsurance market decide to exclude it, that could change.

For the property and casualty insurers, the knowledge regarding the impact of OT attacks is still in its infancy. Understandable, because until recently, such attacks did not happen in the mainstream corporate environment. However, as these claims begin to mount in frequency and severity, insurers and industry alike need answers.

We as an industry need to continue learning about cyberattacks and their impact on various industries and operations. Insurers should be trying to understand just how much of a company’s operations is vulnerable to cyberattack and should be underwriting the exposures that cannot be mitigated fully.

Organizations themselves can decrease their loss exposures by conducting risk assessments that include their OT infrastructure. Tabletop exercises and mitigation strategies, along with regular patches and updates to security systems, can help companies prepare for an attack, and potentially thwart hackers.

Have a conversation with your insurer. An insurer that has expertise in cybersecurity can review your current coverage and outline the protections that are in place. They can also walk your organization through self-insured retention or other options to ensure that remediation is in place in the event of an attack.

Protecting Production
Cyberattacks are continuing to evolve, much as the hackers themselves are doing. Unfortunately, not all insurance coverage can keep up with, or cover completely, the nuances of each iteration in the cyber threat chain.

Your production line, your equipment, your processes can be accessed and controlled with the same ease and dexterity that hackers use to get into your systems. In fact, by accessing your systems, cyber thieves have full access to the whole of your operations.

By knowing all you can about these attacks – and about how your current policies will or will not respond – your organization can be better prepared for any attack. Work with your insurer to put protections in place that help reduce loss and ensure stronger operational readiness going forward.

About the Author: 
Libby Benet was appointed as Global Chief Underwriting Officer, Financial Lines in October 2020. Libby’s experience in the insurance and reinsurance sector spans over 30 years. She joined AXA XL in February 2020 as Global Chief Underwriting Officer, Cyber after serving as President and CEO of Cyber Secure Work Inc, and previously held several senior positions in the (re)insurance industry. She is a member of the Minnesota Lawyers Mutual Board of Directors. She is a lawyer and a certified information privacy professional and certified as a privacy information manager. She can be reached at

To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.