Sophie Farhane
AXA XL
Global Chief Underwriting Officer for Cyber Direct and Indirect
As Sophie Farhane takes up the reins as AXA XL Global Chief Underwriting Officer for Cyber Direct and Indirect, she examines what the past 10 years can show us about the future of cyber insurance.
I’ve worked in cyber insurance for more than a decade and I’ve seen huge changes. The cyber insurance market has grown in size, sophistication and maturity – and found its purpose. Here’s how the changes I’ve experienced can give us an insight into the next ten years of helping organisations prepare, protect and recover from cyberattack.
Partnerships provide insurers with the key to unlock cybersecurity opportunities
Cyber goes centre stage
When I first started my career as a claims handler, cyber was often viewed as an add-on to standard business insurance policies. This was especially true in Europe where the risk and the policy were even less understood than in the United States.
Everything changed during 2016 and 2017. A series of attacks known as Petya, NotPetya and WannaCry affected hundreds of thousands of computers across the world. This was a wake-up call for everyone. It showed that cyberattack can be a systemic threat, affecting thousands of people at the same time, leading to large losses that can threaten the viability of a business.
Increasing awareness of cyber risks
After WannaCry, and other large ‘Petya’ and ‘non-Petya’ malware attacks, clients started thinking differently about cybersecurity. Those events highlighted that anyone can be vulnerable, and that cyberattack can be a brand and reputation issue for organisations, as well as a financial risk.
Before then, there were times when it was challenging to engage small and medium-sized businesses in discussions about why they might benefit from a cyber policy. Often, they considered it another financial burden, and they were too small to be of interest to hackers.
But when the frequency and severity of attacks increased, it became clear that cyber insurance is something that all organisations – large or small – must think about.
Clients need a partner throughout the process
There was a large wave of claims after WannaCry, and I learned a lot during this period. I had both large and small clients, with differing needs.
For some of those smaller clients, their business was their life: often built from scratch and their sole source of income. As well as my support and advice, they also needed empathy.
At AXA XL, if you have a cyber claim, you speak to the same person throughout the process, who is your dedicated point of contact from start to end. It’s one of the most important parts of our cyber insurance offering. I believe this makes a huge difference to our clients, who are facing one of the most stressful periods in their working lives. Clients need to feel heard and supported through challenging times.
Allianz: Pioneering protection in the digital age with Allyz Cyber Care
AI is a challenge and an opportunity for cyber insurance
AI is a huge innovation for us and our clients. It’s exciting, but such a major innovation comes with risk. Hackers are using AI to increase the volume of attacks and to make those attacks more efficient. But we can use AI to help manage risks, monitor threats and develop better responses.
In the early days of cyber insurance, we used to assess clients and underwrite their risks via a questionnaire. Nowadays we seek a holistic view of the client, so our risk analysis is enhanced through scanning. Working with tech providers, we use AI to screen the client throughout the lifecycle of the policy. It’s a game-changer, giving greater clarity for client and insurer.
Cyber is a constantly evolving risk. Our understanding of that risk, and the coverage and services we provide, are evolving alongside it. AXA XL was one of the first insurers to develop a Generative AI endorsement, which extends coverage for specific risks that businesses may encounter when building out their own Gen AI models.
A future of evolving threats and solutions
Cyber insurance will continue to evolve over the next decade, to meet changing demands. As well as AI, there are other risks and opportunities.
The world is increasingly interconnected, bringing great strengths and creating vulnerabilities. The notion of ‘polycrisis’ is a big topic for all clients. Cyber war isn’t just a theoretical notion any longer. Systemic risk is also something we put at the forefront of our risk assessments. A major cloud outage, for example, could have wide-ranging, global repercussions.
Our cyber risk consultants are dedicated to understanding these evolving risks. We use that knowledge to improve how we operate and to help clients reduce their risk.
These risks should not stop us from underwriting cyber insurance policies, but we need to recognise insurance alone is not enough. To develop greater resilience, we need to collaborate. I am part of discussions all the time between insurers, reinsurers, brokers and clients to increase collaboration and provide a united front against an evolving threat landscape.
As I look back at more than a decade in cyber insurance, I can honestly say I have never been bored. No day is the same, and I’m sure it will only get more interesting over the next ten years. By helping organisations to prevent attacks, we’re helping to make the online world a safer place.