Why the COVID-19 pandemic calls for a return to basic cybersecurity principles


The COVID-19 outbreak has fundamentally impacted the security landscape. Leaders must focus on securing their workforce, at a time when available resources are more limited, attack surfaces have grown as a result of remote working practices, and threat actor activity has increased, as actors diversify to take advantage of the pandemic.

Right now, security leaders must act proactively to protect against emerging threats, and have plans in place to react should the worst happen. While doing so amid so much change and uncertainty can seem like a complex exercise, by concentrating on a few fundamental principles, business leaders and their security teams will be well placed to face the challenges ahead.

Monitor the threats
Examples of threat actors using the current global crisis to their advantage are plentiful. The social engineering attempts we are seeing include a coronavirus-themed malicious app that locks Android phones, impersonations of health organizations such as the World Health Organization in phishing emails, and an illegitimate copy of the Johns Hopkins University COVID-19 mapping website that downloads malware to visitors’ devices.

Communicate effectively
The most effective action security leaders can take at this time is proactively communicating with employees, to remind them of necessary caution and inform them of emerging threat trends. To do so, security teams will need to monitor evolving threats related to COVID-19, ensure mechanisms to communicate securely with employees are in place, and monitor systems access in order to prevent employees from accessing any malicious links or files.

Plan and practice
Beyond this, security teams should turn to adapting their cyber incident response planning. Organizations must consider how an incident will affect them given their new remote working operations. Many organizations will already have some form of planning in case of a cyber incident. The question then becomes: “Can you still detect incidents effectively and trigger response plans under these new circumstances?” Depending on the answer, your plans may need revising and updating to ensure that, in the event of an incident, management teams can still carry out their plans remotely and can communicate effectively if the network is down. However, simply updating plans is not enough: communicating and rehearsing those plans before an incident occurs is pivotal to maximizing the effectiveness of any subsequent response.

At a time of great upheaval, it is in fact a return to the basic principles of proactive response, clear communications, and effective planning that will enable business leaders, security specialists and IT professionals to cope with these new realities. 

For a detailed discussion of cyber security priorities during the COVID-19 pandemic, read S-RM’s full analysis of the subject here.

AXA XL insureds have access to S-RM, one of our cyber security partners, who are able to advise on all things cyber security. S-RM can facilitate CISO workshops with your information security leadership to understand your organization’s environment and provide expert guidance on cyber security plans. AXA XL insureds also have access to S-RM’s Phishing Testing capability, which enables organizations to gauge their employees’ cybersecurity awareness, as well as Incident Response Workshops and Plan Reviews, to ensure that your organization has a plan in place in the event of a cyber attack.

About the authors
Elissa Doroff is Underwriting and Product Manager, North America Cyber and Technology for AXA XL, a division of AXA. She can be reached at

Aaron Aanenson is Director of Cyber Security for S-RM. He can be reached at
