Product Family
Jeremy Gittler, Head of Cyber & Technology - Americas, AXA XL


Head of Cyber & Technology, Americas, AXA XL

As cyber events escalate and target organizations of all sizes, many are turning to claims experts for help building a robust cybersecurity plan.

We all know that hackers are upping their game, as we have seen a huge spike in the number of ransomware attacks, including more sophisticated attacks. This includes hackers conducting reconnaissance on companies to determine which ones they can extract a higher ransom amount from.

What’s more, attacks are becoming more damaging. Historically, these were random attacks in which hackers would charge relatively small ransoms in order for companies to regain control of their systems and data. However, today’s cyber thief infiltrates the system, then gathers information and proprietary company data, including trade secrets, employee information, at times including what cyber insurance the company might have, and financial information. That information gives a cyber thief leverage to charge higher ransoms based on what company data has been compromised.

Additionally, our claims team at AXA XL is seeing another disturbing trend; cyber attacks are starting to become twofold attacks. Hackers are demanding ransoms in exchange for decryption keys for your locked systems, and a ransom for a promise not to publish or sell the information they stole from company systems. That is a new twist on the ransomware attack, and it is one that is increasing ransomware payouts as well as complicating system recovery.

Who is Vulnerable?

All organizations and industries are vulnerable to cyber attacks. While large corporations are often targeted because of the potential payout and cybersecurity vulnerabilities, there is a significant rise in the number of smaller organizations that are being attacked. According to Verizon’s Data Breach Investigation Report, small businesses made up 43% of online attacks in 2019, and today’s remote work model has left countless numbers of businesses vulnerable to cyber attacks.

For those organizations with poor cyber security, scant employee training, or inadequate or no incident response plan, the loss exposure could be exponential. Most often, these are entities without large budgets – the very organizations that would be most impacted by a cyber attack.

The lack of budget is also playing against many smaller organizations. As cybercrime has ballooned over the last decade and certainly over the last few years, cyber insurance coverage has become more costly. Many smaller companies mistakenly view cyber insurance as an unnecessary cost, assuming cyber attacks are more of a concern for larger entities.

Yet hackers see much appeal in targeting companies with lax cybersecurity measures. While the ransoms may be smaller than those demanded of larger corporations, the payouts can be devastating to a business.

How devastating? An organization can expect to pay out not only the cost of the ransom, but also the forensics investigation, the data recovery costs, and the business interruption costs. Business interruption alone is a huge factor in paying ransoms – often, a company will be forced to pay the ransom simply because not doing so could be the difference between a business halt for a few days or a shutdown for a few weeks.

For those organizations with poor cyber security, scant employee training, or inadequate or no incident response plan, the loss exposure could be exponential.

Building Stronger Cyber Protection

Companies of all sizes should be doing what they can to put cyber insurance in place. However, because of the sizable increase in cyber events and the increased demand for cyber insurance, many smaller organizations are finding it difficult to afford coverage. With a dramatic rise in claims, carriers are restricting availability, policy capacity and premiums are increasing.

For that reason, carriers are looking for companies that demonstrate a robust approach to cyber risk mitigation. Companies that demonstrate active cybersecurity plans and a company-wide approach to cyber safety will be a more appealing risk for those carriers.

It behooves the organization then to establish a sound cyber security prevention and response plan. Doing so has a number of advantages, including strengthening your company’s cyber preparedness, reducing your cyber risks, thus improving the appeal of your cyber risk portfolio to carriers.

Your company need look no further than your carrier’s claims team. A claims team can not only walk your organization through the claims process, but also help you understand some best practices to mitigate your cyber risk based on real-life scenarios they have encountered. The AXA XL claims team suggests companies start here:

  • Instill a cyber-focused culture:
    Start by making cybersecurity part of the company culture. Every employee should be actively participating in preventing cyber attacks from hitting their mark. Make cybersecurity part of the company’s daily business operations.
  • Teach cybersecurity:
    Employees should be trained on how to spot phishing attempts and where to report any suspicious activity. Part of your training efforts should include what to do if an employee inadvertently clicks on a link or divulges proprietary information to hackers.
  • Find a great claims team:
    A solid claims team can be a huge asset when there is a claim. Having a relationship with the claims team ahead of any claim makes any future claim go more smoothly. Meet with the claims team and learn how their claims process works. Conduct tabletop scenarios that can clarify their response.

    Especially in the immediate aftermath of a breach, a claims team can act as advisors on how to respond to ransom demands and can get a team of experts involved immediately. The claims team has a wealth of knowledge on the claims process, but also connections to the right people to help you through a cyber event.
  • Collaborate with your insurance carrier:
    An insurance carrier with a deep background in cybersecurity can assist your company in understanding where vulnerabilities may lie, and how to improve your cybersecurity measures from an insurance perspective.

    Work with a carrier that has the experts in place to help you with both pre- and post-breach planning. An experienced carrier will spend time with your company at the outset ensuring that you are understanding your risks and making suggestions on how to reduce those risks.
  • Maximize insurance coverage:
    Work with your claims team to understand where claims may be occurring historically, what potential claims are emerging, and what coverage options fit best with your risk portfolio. Talking with your claims team early and often can help your company stay ahead of risks and build a better insurance program to address any future incidents.

Cyber Readiness, Claims Style 
In fact, organizations of all sizes can improve significantly their cyber risk exposure with these types of prevention strategies. Such preparation can help organizations enter the cyber insurance market, and possibly at a more affordable premium.

Yet the policy is just one facet of a sound cybersecurity mitigation strategy. The policy is as good as the claims team behind it. A good claims team will provide service beyond claim resolution. That includes having the expertise in place to help you lower your cyber exposures. By building a relationship with the claims team, your company will be well-positioned to prevent costly cyber events and will be in a stronger position should a claim occur.


To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.