Product Family
Jeremy Gittler, Head of Cyber & Technology - Americas, AXA XL


Head of Cyber & Technology, Americas, AXA XL

Cyber liabilities, and associated expenses, can devastate any business. A single cyber-attack in the US costs companies on average $8.19 million, according to the IBM 2019 Cost of Data Breach Report. Recent headlines have shown that there is no one industry or entity size that stands alone as an easy target for cyber criminals. Healthcare, manufacturers, media companies, retail operations, government agencies, and plenty of small businesses, among others, have all found themselves victims of cyberattacks. This past year, the cyber insurance market saw a significant increase in ransomware claims in both frequency and severity. Of these claims, there was a large increase on those in the manufacturing and chemical company sector as well as those attacks spreading to third party companies that had connected networks.

In 2019, we also saw our first eight figure ransom demand; and of our overall claims, social engineering and ransomware comprised more than over 60%.
Cyber claims do not always result from an attack by cyber criminals. The threat vectors are changing in terms of complexity and purpose. This results in a wide variety of claims triggering various coverages provided by AXA XL’s cyber insurance coverage.

Consider these scenarios, taken from AXA XL’s cyber claims files:

Financial services: Misdirected money
Total Payout: $225,000
Coverage Section: Data Breach Response and Crisis Management Coverage; Social Engineering Financial Fraud Endorsement

A financial services company was the victim of a social engineering event, which resulted in a fraudulent wire transfer of $200,000. Specifically, in June of 2018, the company transferred funds in connection with the closing of a property. The fund transfer was made pursuant to updated instructions that they allegedly received from their vendor. It was ultimately discovered that the wire transfer was fraudulent when the company was notified several months later by the intended recipient that they had not received the transfer. Coverage was triggered under the Data Breach Response and Crisis Management Insuring Agreement, as it was reasonably suspected that the company suffered an email compromise. The company retained privacy counsel and forensics to assist with investigating the incident.

Additionally, this incident triggered the Social Engineering Financial Fraud Endorsement. Approximately $225,000 was incurred in connection with these costs and the fraudulent transfer. It should be noted that this matter was also reported to the company’s Crime policy.

Hospitality: An inhospitable intrusion
Total Payout: $80M
Coverage Section: Data Breach Response and Crisis Management Coverage; Privacy and Cyber Security; PCI DSS Endorsement

This matter involves a credit card breach occurring at a hotel chain. Specifically, in September of 2016 and March of 2017 the hotel was notified by Visa of a potential credit card breach at the hotel. The hotel engaged a law firm who retained a forensics company to carry out a forensic investigation which identified a window of intrusion from March 2016 to October 2016, and November 2016 to April 2017, impacting approximately 315,000 credit cards. Total costs incurred were reflective of notification to affected individuals, defense costs and settlements and PCI fines and penalties.

Professional services firm: Taken for a ride by a temp
Total Payout: $350,000
Coverage Section: Data Breach Response and Crisis Management Coverage

A lawsuit was filed against our insured, who provides staffing services, arising from alleged damages sustained as a result of negligent work done by a temporary employee. Specifically, the company recommended a candidate to its customer to serve as their interim Chief Financial Officer. The client ultimately gave the temporary employee significant responsibilities and allowed her to overhaul their billing department and billing process. The client alleged that the employee was actually unqualified and caused approximately $1.75 million in damages, in part, because they failed to timely bill its customers resulting in the inability to collect money that was owed to them. Despite the demand, settlement was reached for $300,000 and additional costs incurred were reflective of defense costs.

Interested in reading more? Access additional claims scenarios from healthcare, tech/telecom, manufacturing, retail and other industries by downloading our “Cyber claims: Real-life AXA XL claims scenarios” brochure.

To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.