Product Family

Nearly every day we hear about another cyber attack on a company or the leak of massive amounts of sensitive data. Most of us are aware of the cyber dangers facing individuals and companies, but most employees don’t realize the important role they play. Employees are the true first line of defense in keeping a company’s data and IT infrastructure secure.

Raising awareness of security risks and how these risks could cause an issue with the information and/or network security is a valuable investment for any company’s cyber security program. For this reason, XL Group’s Information Risk Management (IRM) Department conducts security awareness campaigns in various forms including videos, posters, email campaigns, blogs and online training modules.   

The challenge, however, is how do you grab your colleagues’ attention so that you can pass on some helpful information -  information that not only helps us protect XL Group’s information but theirs as well.  Like everyone in today’s connected world, our colleagues are inundated with messages, heavy workloads, various business initiatives, emails and meetings.

In order to get our message across we needed to capture their attention because we have to enlist them in the ongoing battle against cyber threats.  

A Little Encouragement

For 2014,  we decided to make our message both professional and personal. That meant we needed to provide information that would resonant both in the corporate environment and with their own personal data.

Next we considered how to roll out the campaign. A competition seems to get noticed.   We looked at competitive opportunities between regions, business segment and office locations. This type of competition, however, didn’t seem to fully embrace the cultural attributes that defines XL:  responsibility, passion for excellence, integrity and efficiency.  

Rather, we wanted everyone to work toward a common goal.  To that end, we decided to ask our employees to accept a challenge on behalf of a charity.  Appealing to their sense of social responsibility, we asked them to watch an educational security video and in turn, for every view of the video, we offered a $1 donation to  charity. 

Given that hacking and breaches affects companies as well as individuals, we were confident that once our colleagues realized  the lessons would benefit them both in the office and at home, they would be more receptive to viewing a series of videos. 

Choosing a Charity

Our next step was to choose a charity whose work would appeal to our colleagues globally.  After all, we still needed them to commit a few minutes out of their busy schedules to view a short video  with very helpful messages about information security.   

Because we are a global organization, it was important to find a charity that would resonate  with  our colleagues in more than 20 different countries.  After considerable discussion, our team picked Médecins Sans Frontières (MSF) which worldwide is more commonly known as Doctors Without Borders.  MSF is an international medical humanitarian organization providing aid in nearly 70 countries, to people whose survival is threatened by violence, neglect or catastrophe, primarily due to armed conflict, epidemics, malnutrition, and exclusion from health care or natural disaster.

“One Minute, One Click, One Dollar”

We created a series of seven educational videos around protecting XL, its data, mobile devices and personal data. Topics included spear phishing, phone phishing, bot nets and social media threats. Most of the videos were less than one minute in length. They were introduced monthly through emails and blogs.

For each video that a colleague watched, the IRM team committed to contributing $1 to “Doctors Without Borders”. The goal was to have the videos watched by XL colleagues 10,000 times thus  raising $10,000 for “Doctors Without Borders”.

In the end, this series of videos generated the largest volume of statistics related to any one initiative at XL.  Most importantly, we were able to engage our 4,500 XL Group colleagues worldwide in protecting XL Group’s information and their personal information while donating to a worthwhile and notable charity.  We’re confident that our colleagues learned something about information security threats and spread the word to friends and family.  Equally important, our colleagues are more aware of suspicious activity that could jeopardize corporate information and network security.  We have more help in protecting valuable information.   

Getting security awareness messages across can be challenging for any business. Appealing to our colleagues’ strong sense of social responsibility with our pledge to help a global charity was a highly successful combination.  It’s a combination that many businesses can replicate to help their colleagues learn more about online security that will help boost their own cyber risk management efforts.


About the Authors. . .

Thomas Dunbar is the Chief Information Risk Officer for XL Group Ltd.  Dave Cameron is VP, Information Security and Todd Spano is an information security specialist on XL Group’s Information Risk Management team.  Tom, Dave and Todd and their teams are responsible for XL Group’s overall Information Risk Management program, including the company’s information risk and security strategies, tactics, planning, governance, architecture and operations.


More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.