Adapting to an ever-changing cyber landscape
2 min
"The main thing is that our clients can always get in contact with us."— Danielle Roth
A Story by Danielle Roth, Practice Leader and Head of Cyber Claims, North America, AXA XL
When I first started working in cyber claims, before I was at AXA, that was around the time of the massive Target and Home Depot credit card breaches, where 96 million credit card details were stolen - 56 million for Home Depot and 40 million for Target. I think that was something that really brought data breaches into the common vernacular. Then around 2016, credit card technology changed and that alleviated a lot of the issues with credit cards. And as that was fading away, ransomware became more of an issue. I still remember seeing a demand for $25,000, which was a huge deal at the time - but now you are far more likely to see eight-figure sums demanded as a ransom.
"It is an office joke to talk about all the weird times we have picked up a client call! Even if we are not at our desk, it is okay. We are srill ready for it."
We are there to help get our client back up and running after a cyber incident of some sort. Our policies also cover the impact of data breaches. We are seeing more and more people file lawsuits for damages after their data was compromised. The main thing is that our clients can always get in contact with us. We have a data breach hotline that is monitored 24/7 by someone in my specialized team, and I think that distinguishes us from our competitors..
What I love about my job is that in cyber and cyber claims in particular, you are always learning something new. The law is changing, the technology is changing, and the threat actor’s behaviour is changing. For instance, around 2016-2017 we saw a lot of what we call W-2 scams, where a hacker would email the CEO’s administrative assistant from the CEO’s account and pretend to urgently need the tax information of all of the employees. They would prey on people’s innate tendency to want to help. Armed with that information, the hackers would use the tax information to file on behalf of people and get their tax refund. Once we started educating our broker partners and clients, that dropped massively, and I don’t think we saw more than one the following year. That was foundational for us, because it taught us to integrate education into our policies.
I remember the CrowdStrike incident in 2024, when a faulty software update essentially caused the blue screen of death for a lot of companies around the world. It was a huge incident – but it was business as usual for us, and I’m proud of that. This is exactly what we train for. We have a playbook developed for these large-scale events and we have got it down to a science at this point.
