Insurance
Insurance
Product Family
Product Family
Industries
Industries
Reinsurance
Reinsurance
Explore our offerings
Explore our offerings
Claims
Claims
Risk Consulting
Risk Consulting
Fast Fast Forward
Fast Fast Forward
Resources & Tools
Resources & Tools
Resources and Tools
Resources and Tools
About AXA XL
About AXA XL
About AXA XL
About AXA XL
Media Center
Media Center
Careers
Careers
Get In Touch
Get In Touch

As Sophie Farhane takes up the reins as AXA XL Global Chief Underwriting Officer for Cyber Direct and Indirect, she examines what the past 10 years can show us about the future of cyber insurance.

By

AXA XL Global Chief Underwriting Officer for Cyber Direct and Indirect

I’ve worked in cyber insurance for more than a decade and I’ve seen huge changes. The cyber insurance market has grown in size, sophistication and maturity – and found its purpose. Here’s how the changes I’ve experienced can give us an insight into the next ten years of helping organisations prepare, protect and recover from cyberattack. 

Cyber goes centre stage

When I first started my career as a claims handler, cyber was often viewed as an add-on to standard business insurance policies. This was especially true in Europe where the risk and the policy were even less understood than in the United States. 

Everything changed during 2016 and 2017. A series of attacks known as Petya, NotPetya and WannaCry affected hundreds of thousands of computers across the world. This was a wake-up call for everyone. It showed that cyberattack can be a systemic threat, affecting thousands of people at the same time, leading to large losses that can threaten the viability of a business.

Increasing awareness of cyber risks

After WannaCry, and other large ‘Petya’ and ‘non-Petya’ malware attacks, clients started thinking differently about cybersecurity. Those events highlighted that anyone can be vulnerable, and that cyberattack can be a brand and reputation issue for organisations, as well as a financial risk.

Before then, there were times when it was challenging to engage small and medium-sized businesses in discussions about why they might benefit from a cyber policy. Often, they considered it another financial burden, and they were too small to be of interest to hackers.  

But when the frequency and severity of attacks increased, it became clear that cyber insurance is something that all organisations – large or small – must think about.

Clients need a partner throughout the process

There was a large wave of claims after WannaCry, and I learned a lot during this period. I had both large and small clients, with differing needs.

For some of those smaller clients, their business was their life: often built from scratch and their sole source of income. As well as my support and advice, they also needed empathy.

At AXA XL, if you have a cyber claim, you speak to the same person throughout the process, who is your dedicated point of contact from start to end. It’s one of the most important parts of our cyber insurance offering. I believe this makes a huge difference to our clients, who are facing one of the most stressful periods in their working lives. Clients need to feel heard and supported through challenging times. 


“Cyber war isn’t just a theoretical notion any longer.”

AI is a challenge and an opportunity for cyber insurance

AI is a huge innovation for us and our clients. It’s exciting, but such a major innovation comes with risk. Hackers are using AI to increase the volume of attacks and to make those attacks more efficient. But we can use AI to help manage risks, monitor threats and develop better responses. 

In the early days of cyber insurance, we used to assess clients and underwrite their risks via a questionnaire. Nowadays we seek a holistic view of the client, so our risk analysis is enhanced through scanning.  Working with tech providers, we use AI to screen the client throughout the lifecycle of the policy. It’s a game-changer, giving greater clarity for client and insurer.  

Cyber is a constantly evolving risk. Our understanding of that risk, and the coverage and services we provide, are evolving alongside it. AXA XL was one of the first insurers to develop a Generative AI endorsement, which extends coverage for specific risks that businesses may encounter when building out their own Gen AI models. 

A future of evolving threats and solutions 

Cyber insurance will continue to evolve over the next decade, to meet changing demands. As well as AI, there are other risks and opportunities. 

The world is increasingly interconnected, bringing great strengths and creating vulnerabilities. The notion of ‘polycrisis’ is a big topic for all clients. Cyber war isn’t just a theoretical notion any longer. Systemic risk is also something we put at the forefront of our risk assessments. A major cloud outage, for example, could have wide-ranging, global repercussions. 

Our cyber risk consultants are dedicated to understanding these evolving risks. We use that knowledge to improve how we operate and to help clients reduce their risk. 

These risks should not stop us from underwriting cyber insurance policies, but we need to recognise insurance alone is not enough. To develop greater resilience, we need to collaborate.

I am part of discussions all the time between insurers, reinsurers, brokers and clients to increase collaboration and provide a united front against an evolving threat landscape.

As I look back at more than a decade in cyber insurance, I can honestly say I have never been bored. No day is the same, and I’m sure it will only get more interesting over the next ten years. By helping organisations to prevent attacks, we’re helping to make the online world a safer place. 

To contact the author of this story, please complete the below form

First Name is required
Last Name is required
Country is required
Invalid email Email is required
 
Invalid Captcha
Subscribe

More Articles

Quick Links

Subscribe to Fast Fast Forward
Life lessons from the front lines 2_350x155
Fast Fast Forward
From life-or-death emergencies on the front lines as an EMT to navigating the high-stakes world of cyber claims, AXA XL Cyber Claims Specialist Sagar Yadav has been driven by one core principle: staying calm when chaos strikes. Whether responding to a 911 call or guiding clients through a data breach,
Leading the charge in cyber resilience 2_350x155
Fast Fast Forward
Cyber threats are evolving faster than ever. At AXA XL, we aim not just to keep pace but to empower clients with resilient cyber defenses, enabling confident navigation of the digital landscape. To achieve this, we’re expanding our cyber risk consulting team to serve clients better and stay ahead
Multinationals guide to cyber risk_350x155
Fast Fast Forward
In an era where a single click can bridge continents and transform markets, multinational corporations (MNCs) find themselves navigating a maze of cyber risks that can shift with every border crossed. To not only survive but thrive in this interconnected world, MNCs must prioritize a nuanced approach

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. In this respect, our property loss prevention publications, services, and surveys do not address life safety or third party liability issues. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. The provision of any service does not imply that every possible hazard has been identified at a facility or that no other hazards exist. AXA XL Risk Consulting does not assume, and shall have no liability for the control, correction, continuation or modification of any existing conditions or operations. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any document or other communication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with our services, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.

THIS AXA WEBSITE USES COOKIES

AXA XL, as a controller, uses cookies to provide its services, improve user experience, measure audience engagement, and interact with users’ social network accounts among others. Some of these cookies are optional and we won't set optional cookies unless you enable them by clicking the "ACCEPT ALL" button. You can disable these cookies at any time via the "How to manage your cookie settings" section in our cookie policy.

Find Out More About the Cookie Policy Privacy Notice
Accept All
Refuse All
Cookie Settings