Cybersecurity and technology risks
Protecting What Matters, AXA promotes a security mindset of “CARE, PROTECT, ALERT” across its organization, and continue to reinforce its internal governance to address ever evolving cyber and technology risks.
AXA Group’s exposure to cyber risk is still high with increasing use of new technologies to deliver AXA Group’s products and services.
The increasing frequency and sophistication of ransomware and other disruptive forms of cyber-attacks directed at major financial institutions and other corporations recently has made clear the significance of these cyber risks and the operational, financial, and reputational damage that they can potentially inflict. This has led to an increased regulatory focus on risks of security breaches stemming from the growing reliance of the financial sector on information and communication technology.
The AXA Board of Directors is responsible for ensuring that an appropriate and effective system of Internal Control and Risk Management is in place across the Group. In this context, it can undertake all controls and verifications as it deems appropriate. Considering the growing cyber and technological threats over the past years, the Board of Directors has been paying special attention to these matters, including risk management and control topics related to cyber and technological incidents, as well as risk reduction initiatives reported by the Group’s risk, control, compliance, and audit governance bodies.
Furthermore, to assist it in fulfilling its responsibilities, the Board of Directors established three Committees: An Audit Committee, a Finance & Risk Committee and a Compensation, Governance & Sustainability Committee. These Committees constitute an important part of the Group’s overall internal control environment and play a major role in reviewing Internal Control and Risk Management related issues. The Board of Directors mainly relies on the work of the Audit Committee to monitor cyber and technology risks.
The AXA Board members also receive dedicated training from the Chief Security officer (CSO) and are regularly updated on the cyber risk profile and emerging risks.
All 145,000 AXA employees have a role to play to make sure that AXA, its customers, and its partners are adequately protected against growing cyber and technological risks. This is why AXA has committed to train all its salaried and non-salaried employees in security, annually. The training has been designed to help AXA employees to adopt the right behaviors and strengthen their ability to identify and react quickly to immediate threats or abnormal situations.
Furthermore, in alignment with our societal commitments to make a positive impact, AXA is strongly involved in initiatives that aim to develop consciousness of cyber risks and implement new efforts to mitigate them, such as raising cyber awareness for youths (Cybervengers), contributing to strengthening the cybersecurity ecosystem (e.g., Campus Cyber in France) and supporting academic research to reduce the societal impact of cyber risk (e.g., AXA Research Fund on cyber resilience).