Building Cyber Confidence_AXAs Cyber Center of Expertise (2024)

A Q&A with Anthony Dagostino, Global Chief Cyber Underwriting Officer, Commercial Operations for AXA

Year after year, cybersecurity appears as a top risk management concern in the AXA Future Risk Report, most recently climbing to the #2 spot on the list of Top 10 future risks.

To help commercial clients address this top concern, AXA launched the Cyber Center of Expertise (CoE), led by Anthony Dagostino as Global Chief Cyber Underwriting Officer, Commercial Operations for AXA. AXA's Cyber CoE brings together AXA’s experts in cybersecurity, data protection, and risk management to develop strategies and solutions to protect businesses against cyber threats. The Cyber CoE aims to help commercial clients manage cyber risk by maximizing AXA’s global resources, adopting best practices, and tapping into collective cyber expertise across AXA’s entities to provide effective cyber risk solutions tailored to clients’ operations and needs.

Here Anthony explains more about the motivation behind the Cyber CoE and how it plans to ease businesses’ cyber concerns.

Q: Why did AXA develop the Cyber Center of Expertise?

Anthony: AXA is a longtime leader in cyber insurance market. One AXA entity, AXA XL, has been offering cyber insurance for 20 or more years and is a market leader in standalone cyber coverage. Now, as the need for cyber insurance grows globally, across all industries, and among businesses of all sizes, we’re stepping up our cyber risk management capabilities across all AXA entities.

Managing cyber risks are challenging for any operations. An insurer like AXA, that is assuming cyber risks, is no different. The Cyber CoE will help AXA keep an eye on the big cyber risk picture, working collectively on our product and service offerings, supporting our cyber talent, and helping manage aggregation risks in order to maintain our long-term commitment to the market.

For our clients, the Cyber CoE is about bringing our collective expertise to the table to develop the best possible solutions that the market has to offer. By pooling our expertise together and encouraging collaboration across AXA entities, we’re intent on providing our clients with a consistent experience across AXA and most importantly, the cyber risk management solutions that can help minimize their cyber risks.

Q. Will the CoE develop new cyber insurance coverages?

Anthony: The CoE is a resource for all AXA entities and we’re here to collaborate with our underwriting teams to develop and enhance our coverages and how we deliver them.

AXA offers cyber coverage in some 19 countries. Available cyber insurance typically covers a range of liabilities and expenses related to cyber incidents, such as data breaches, network security failures, and cyber extortion, like ransomware attacks. This may include costs associated with investigating and responding to the incident, legal expenses, notification expenses, credit monitoring for affected individuals, and potentially even losses resulting from business interruption.

Cyber risks change quickly. So, the CoE will help our teams stay on top of changing cyber threats, but also engage with our clients to determine what they may need in the future, what gaps in coverage they may have. Recently, for instance, our U.S. underwriting team developed coverage, available by endorsem*nt, to help publicly traded companies address the costs of a new Security Exchange Commission (SEC) rule on disclosing material cybersecurity incidents. AXA UK has successfully conducted an initial launch of a new cyber product target to UK-based SMBs. AXA Spain recently revamped its cyber SMB product offering cyber prevention solutions through a partnership with BOXX.

What kind of risk management services is the Cyber CoE looking to develop for clients?

Anthony: Leveraging insurance, risk consulting services, and innovative technologies, we’re looking to provide clients with a comprehensive cyber risk management approach. Many AXA entities already offer a host of services to help clients assess risks, prepare for a potential breach and of course, address a cyber incident should it occur.

AXA recognizes the importance of protecting its clients from cyber risks as they evolve. A great example of this is a cybersecurity initiative that AXA in Francedeveloped to raise awareness about the potential for cyber-attacks around the Paris Olympics and what companies can do to prevent failing victim to one. During the 2021 Olympic Games in Tokyo, the local cybersecurity services reported some 450 million attempted cyberattacks. Our AXA France cyber team is offering our corporate clients in France -- even if they do not purchase AXA cyber insurance -- guidance in ways to avoid such attacks.

The cyber insurance market can expect to see more examples like this where our cyber teams are stepping up to support our clients’ cyber resiliency in new ways. Just recently we joined with CrowdStrike to offer all clients access, with preferential pricing, to their Falcon for Insurability platform.

The cyber risk landscape is constantly evolving, so a willingness to stay updated on the latest cyber threats and insurance industry developments is crucial to our success and the effectiveness of what we bring to our clients.

How is an insurer, like AXA, in a position to help companies boost their cyber security?

Anthony:We’re in a very strong position to do so. As an insurer that works with all industries and all sizes of business, we gather a lot of information and insight from so many diverse clients. If there is one thing that insurers, like AXA, have, it’s access to data. Insurance is a data-driven business.

Since we’ve been providing some form of cyber insurance for decades, we have decades of valuable claims data. To help clients boost their cyber security efforts, we can use data to analyze clients' historical data to identify patterns and potential vulnerabilities, offering insights and allowing us to pinpoint specific areas of vulnerability and recommendations to take action. We can provide access to data and analytics tools that help clients assess their current cyber security posture, identify potential risks, and prioritize areas for improvement. We’re looking at how we can best equip our clients with insights to understand their cyber risk exposure and make informed, cost-effective decisions on cyber security investments.

Overall, cyber insurers can play a big role in helping clients avoid cyber threats, providing, cybersecurity education and resources, conducting security assessments, and guidance on best practices for securing data and systems. We’re looking at what can really help our clients strengthen their cybersecurity posture, and how we can deliver it through partnerships or our own AXA XL Risk Consulting resources.

How can clients access to these cyber risk management services?

Anthony:Our cyber insurance policyholders have access to a variety of services already. But we’re also building out our capabilities on a couple fronts including AXA's Digital Commercial Platform (DCP). The DCP will be a comprehensive digital solution designed to provide commercial insurance brokers and clients with a seamless and efficient way to manage their insurance and risk management needs. For AXA's cyber clients, the platform will provide tailored cyber insurance solutions, real-time risk assessment, and access to cyber risk management resources.

AXA XL Risk Consulting is also building out its in-house cyber risk management team which will work with our clients providing cyber security guidance.

Because of the constantly evolving nature of cyber risks, underwriting cyber insurance can be challenging. How do AXA’s cyber underwriters stay up to speed on the changing cyber risk environment?

Anthony:The cyber risk landscape is constantly evolving, so a willingness to stay updated on the latest cyber threats and insurance industry developments is crucial to our success and the effectiveness of what we bring to our clients. The CoE is taking a very active role in developing our cyber talent and providing continuous learning opportunities across AXA entities by providing specialized training, including the CCIS (Certified Cyber Insurance Specialist) designation, as well as other resources, mentorship to employees interested in pursuing careers in cybersecurity. Through this initiative, employees will have the opportunity to enhance their skills, stay updated on the latest cyber threats and technologies. Having the right talent to assess and underwrite cyber risk will drive our future success.

What do you hope the CoE will accomplish this year and beyond?

Anthony:Our goal is to instill more cyber confidence in our clients, ensuring that security concerns do not hinder their ambitions or success. With our extensive experience and data-driven understanding of cyber risk, the Cyber CoE is determined to offer AXA clients support and effective cyber protections that stands out. We’ve already made considerable strides within the AXA organization, bringing together our cyber risk talent and resources so that we can leverage all that we have to offer. Expect to see new services and strategic partnerships from us soon.
Coordinating our efforts globally will allow us to share best practices, insights, and resources across different regions which will only enhance the overall effectiveness in helping our clients build their cyber resilience and confidence.