In Partnership with
In cyber, the only constant is change
Experts discuss market stability, maturity, and growth prospects for the future
Gwenn Cujdik
AXA XL North America
Industry experts
Hilario Itriago
BOXX Insurance Inc.
Shannon Groeber
CFC
Shawn Ram
Coalition Inc.
Gwenn Cujdik is the claims manager for cyber incident response. She is responsible for managing a team of claims professionals dedicated to assisting clients before, during, and after a cyber incident. Gwenn oversees AXA XL’s breach-response panel and pre-breach services, including best-in-class law firms and vendors to assist in the incident-response process, liaising closely with AXA XL claims and underwriting teams to ensure clients’ needs are met should an incident occur. Prior to joining AXA XL in 2021, Gwenn was a prosecutor in a major US city, managing all aspects of criminal investigation and prosecution.
AXA XL North America
Gwenn Cujdik
Hilario Itriago is an internationally recognized insurance industry leader.
Hilario was a FTSE 100 Company Division CEO, COO, and CFO at RSA Insurance Group Latin America prior to successfully leading the sale of the RSA Division to Grupo Suramericana from Colombia.
He is now an accomplished Insurtech entrepreneur, having co-founded and sold his first company, and now acting as an investor in and advisor to others.
BOXX Insurance Inc.
Hilario Itriago
As executive vice president at CFC Underwriting, Shannon is responsible for leading the business’s strategy for its admitted cyber proposition. Based in New York, Groeber joined the team in early 2020 from Marsh JLT Specialty, where she was cyber innovation leader. Groeber’s nearly 20-year insurance career includes five years at JLT Specialty as cyber and E&O practice leader.
CFC
Shannon Groeber
Shawn is head of insurance at Coalition, the world’s first active insurance company. Shawn is responsible for Coalition’s insurance operations, including underwriting, claims, distribution, customer success, and strategic partnerships. Prior to joining the founding team of Coalition, Shawn served as managing director and national technology practice leader of Aon, and the executive managing director and western regional manager for Crystal & Company. Shawn was named one of Business Insurance Magazine’s 2013 “40 under 40 Broker Leaders,” and has been a finalist for Power Broker at Risk & Insurance Magazine. Shawn received his Bachelor of Arts from Brigham Young University.
Coalition Inc.
Shawn Ram
Ms. Landaverde joined Munich Re US in September 2017. Based in Princeton, NJ, she is responsible for the profit and growth of the North American cyber treaty reinsurance portfolio and US team, with a focused emphasis on strategy and product development. She is also an active member of the Munich Re global cyber board.
Prior to joining Munich Re, Ms. Landaverde served as cyber practice leader for a multi-line MGA and a global insurer. Earlier in her career, Ms. Landaverde served as professional liability team lead for small business clients and national accounts underwriter, both at AIG.
Munich Re US
Annamaria Landaverde
“Over the years, there’s been huge payouts, [generating] more understanding of how events happen … so I see us actively moving toward writing better policies and helping our insureds better prepare for risks”
Gwenn Cujdik,
AXA XL North America
THE CYBER insurance market is showing signs of stabilization after two years of extreme volatility, characterized by high frequency and severity of claims, soaring rates, reduced insurer appetite, and strict underwriting and risk management requirements.
Contending with an ever-changing cyber-threat landscape, insurers have made corrective actions to reflect the increased frequency and severity of the risk. Adjustments to pricing and risk appetite – although challenging for insureds and agents – are starting to have an impact. Rate increases are stabilizing as insurers gain more control over attritional losses and insureds focus on the implementation of cyber security controls.
“We are optimistic in that there has been forward progression in policy wordings, rate adequacy, and scenario modeling, but we think that there's still much to be done to bring the cyber product to a greater level of maturity.”
Significant challenges remain in the cyber insurance market, with the panelists expressing concerns about ransomware costs, risk aggregation or systemic events, third-party exposures, and ongoing issues around fraudulent funds transfer through social engineering and business email compromise, among other things.
After years as the primary culprit behind rapid hardening in the cyber insurance market, there have been some reports that ransomware attacks have decreased in both frequency and severity in the last six months. This is a trend that Shawn Ram, head of insurance at Coalition, experienced in Coalition’s book of business.
Proactive risk management
All panelists agree that cyber-risk management requires going beyond just insurance and should include proactive measures such as active threat monitoring and network scanning, consistent cybersecurity education, and offering a highly engaged claims process. Proactive risk-management is key in reaching more stability and maturity in the marketplace.
Regarding proactive risk-management, there are certain nice-to-have and need-to-have cyber-risk controls that are determining insurability and competitiveness in the marketplace. Underwriters are concentrating on several crucial controls at this time, including multi-factor
There are reasons for both optimism and caution in the cyber insurance market, according to the panel of cyber insurance experts gathered for the latest edition of IBA’s Executive Insights Series.
Gwenn Cujdik, manager, cyber incident response at AXA XL North America, says the market is “stabilizing [and] maturing” to the point where carriers, agents, and insureds are being more proactive and innovative in their cyber insurance and risk-management strategies.
CFC executive vice president Shannon Groeber agrees that the market has “entered a new segment of stability” after almost two years of “swift changes” and market corrections.
“We are firm believers in the three pillars of predict, prevent, and insure,” says Hilario Itriago, president, USA, BOXX Insurance. “[Regarding cybersecurity controls and capabilities], it’s about making sure small- and medium-sized businesses up their level of sophistication in how they manage their businesses. We think that’s really important because if we just provide an insurance policy, but we don’t help clients prepare [to face cyber threats], we’re not really adding any value to them, to their business model, or to their defense architecture in the long-term.”
“We remain cautious, but optimistic,” says Annamaria Landaverde, cyber team lead, Munich Re US. “We're cautious in that reinsurers are still carefully monitoring our exposure to systemic risk, and we’re also monitoring volatility. We're now starting to see the full picture from the 2018 to 2020 losses, and the impact of frequency and severity in those years. I think it'll take more time before we have enough evidence of continued improvement to really get more optimistic.
“Interestingly, the ransomware demands that we saw in 2022 reduced at a much larger percentage, from an average of $1.3 million to just under $900,000 in [the first half of 2022, versus the second half of 2021],” he says. “I do believe ransomware is subsiding slightly, but it continues to be the largest driver when it comes to severity-related risks.
“Having said that, we saw a slight increase of about three percent in that same time period for fraudulent funds transfer, social engineering, and business email compromise. The notion of phishing continues to be, from our standpoint, the most prominent threat vector that adversaries are using to infiltrate and exploit a network.”
Read on
Ram thinks cybersecurity controls have improved and have “contributed to the decline in ransomware” over the last six months. He explains: “At Coalition, we believe that roughly 40 percent of ransomware derives from RDP – particularly with the pandemic and many companies aggressively pursuing methodologies to work from home. I refer to RDP as ransomware deployment protocol. It's something that is commonly used by adversaries in order to deploy malware and exploit a policyholder.
“Some of these best practices, like managing how you deal with remote work, addressing back-ups in appropriate manner, and using MFA, have a tremendous advantage in thwarting adversaries and making your company not a target to the hacking community.”
What lies ahead?
Itriago says cyber insurance is still in the early stages of its “maturity curve,” but he believes that society is not far from a state in which technology use and digital connectivity will be so systemic that cyber insurance will soon be “essential.” He adds, “We're going to mature faster as an industry, and we're going to learn faster by having all those domains and all those data points … and inevitably, that’s going to turn people within the cyber insurance industry into rock stars.”
AXA XL, the property & casualty and specialty risk division of AXA, provides insurance and risk management products and services for mid-sized companies through to large multinationals, and reinsurance solutions to insurance companies globally. We partner with those who move the world forward.
Find out more
We’re a digital-age insurance provider built to help businesses and families stay ahead of cyber threats as well as respond to them. BOXX offers cyber insurance and services curated for everyday businesses and consumers. Powered by great technology, BOXX is making cyber simpler for customers and partners.
BOXX Insurance brings together new technologies, data science, and specialized underwriting to go beyond protection to predict, prevent, and respond to the risks of today and tomorrow. We go beyond traditional insurance – helping the world be digitally healthy.
Find out more
CFC is a specialist insurance provider, pioneer in emerging risk, and market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today’s most critical business risks.
Headquartered in London with offices in New York, Austin, Brussels, and Brisbane, CFC has over 500 staff and is trusted by more than 100,000 businesses in 90 countries. Learn more at cfcunderwriting.com.
Find out more
In Partnership with
In cyber, the only constant is change
Experts discuss market stability, maturity, and growth prospects for the future
Read on
Shawn Ram
Coalition Inc.
Shannon Groeber
CFC
Hilario Itriago
BOXX Insurance Inc.
Gwenn Cujdik
AXA XL North America
Industry experts
Gwenn Cujdik is the claims manager for cyber incident response. She is responsible for managing a team of claims professionals dedicated to assisting clients before, during, and after a cyber incident. Gwenn oversees AXA XL’s breach-response panel and pre-breach services, including best-in-class law firms and vendors to assist in the incident-response process, liaising closely with AXA XL claims and underwriting teams to ensure clients’ needs are met should an incident occur. Prior to joining AXA XL in 2021, Gwenn was a prosecutor in a major US city, managing all aspects of criminal investigation and prosecution.
AXA XL North America
Gwenn Cujdik
Hilario Itriago is an internationally recognized insurance industry leader.
Hilario was a FTSE 100 Company Division CEO, COO, and CFO at RSA Insurance Group Latin America prior to successfully leading the sale of the RSA Division to Grupo Suramericana from Colombia.
He is now an accomplished Insurtech entrepreneur, having co-founded and sold his first company, and now acting as an investor in and advisor to others.
BOXX Insurance Inc.
Hilario Itriago
As executive vice president at CFC Underwriting, Shannon is responsible for leading the business’s strategy for its admitted cyber proposition. Based in New York, Groeber joined the team in early 2020 from Marsh JLT Specialty, where she was cyber innovation leader. Groeber’s nearly 20-year insurance career includes five years at JLT Specialty as cyber and E&O practice leader.
CFC
Shannon Groeber
Shawn is head of insurance at Coalition, the world’s first active insurance company. Shawn is responsible for Coalition’s insurance operations, including underwriting, claims, distribution, customer success, and strategic partnerships. Prior to joining the founding team of Coalition, Shawn served as managing director and national technology practice leader of Aon, and the executive managing director and western regional manager for Crystal & Company. Shawn was named one of Business Insurance Magazine’s 2013 “40 under 40 Broker Leaders,” and has been a finalist for Power Broker at Risk & Insurance Magazine. Shawn received his Bachelor of Arts from Brigham Young University.
Coalition Inc.
Shawn Ram
In Partnership with
In cyber, the only constant is change
Experts discuss market stability, maturity, and growth prospects for the future
Read on
Shawn Ram
Coalition Inc.
Shannon Groeber
CFC
Hilario Itriago
BOXX Insurance Inc.
Gwenn Cujdik
AXA XL North America
Industry experts
Shawn is head of insurance at Coalition, the world’s first active insurance company. Shawn is responsible for Coalition’s insurance operations, including underwriting, claims, distribution, customer success, and strategic partnerships. Prior to joining the founding team of Coalition, Shawn served as managing director and national technology practice leader of Aon, and the executive managing director and western regional manager for Crystal & Company. Shawn was named one of Business Insurance Magazine’s 2013 “40 under 40 Broker Leaders,” and has been a finalist for Power Broker at Risk & Insurance Magazine. Shawn received his Bachelor of Arts from Brigham Young University.
Coalition Inc.
Shawn Ram
As executive vice president at CFC Underwriting, Shannon is responsible for leading the business’s strategy for its admitted cyber proposition. Based in New York, Groeber joined the team in early 2020 from Marsh JLT Specialty, where she was cyber innovation leader. Groeber’s nearly 20-year insurance career includes five years at JLT Specialty as cyber and E&O practice leader.
CFC
Shannon Groeber
Hilario Itriago is an internationally recognized insurance industry leader.
Hilario was a FTSE 100 Company Division CEO, COO, and CFO at RSA Insurance Group Latin America prior to successfully leading the sale of the RSA Division to Grupo Suramericana from Colombia.
He is now an accomplished Insurtech entrepreneur, having co-founded and sold his first company, and now acting as an investor in and advisor to others.
BOXX Insurance Inc.
Hilario Itriago
Gwenn Cujdik is the claims manager for cyber incident response. She is responsible for managing a team of claims professionals dedicated to assisting clients before, during, and after a cyber incident. Gwenn oversees AXA XL’s breach-response panel and pre-breach services, including best-in-class law firms and vendors to assist in the incident-response process, liaising closely with AXA XL claims and underwriting teams to ensure clients’ needs are met should an incident occur. Prior to joining AXA XL in 2021, Gwenn was a prosecutor in a major US city, managing all aspects of criminal investigation and prosecution.
AXA XL North America
Gwenn Cujdik
Share
Share
Share
Annamaria Landaverde
Munich Re US
Annamaria Landaverde
Munich Re US
Ms. Landaverde joined Munich Re US in September 2017. Based in Princeton, NJ, she is responsible for the profit and growth of the North American cyber treaty reinsurance portfolio and US team, with a focused emphasis on strategy and product development. She is also an active member of the Munich Re global cyber board.
Prior to joining Munich Re, Ms. Landaverde served as cyber practice leader for a multi-line MGA and a global insurer. Earlier in her career, Ms. Landaverde served as professional liability team lead for small business clients and national accounts underwriter, both at AIG.
Munich Re US
Annamaria Landaverde
Annamaria Landaverde
Munich Re US
Ms. Landaverde joined Munich Re US in September 2017. Based in Princeton, NJ, she is responsible for the profit and growth of the North American cyber treaty reinsurance portfolio and US team, with a focused emphasis on strategy and product development. She is also an active member of the Munich Re global cyber board.
Prior to joining Munich Re, Ms. Landaverde served as cyber practice leader for a multi-line MGA and a global insurer. Earlier in her career, Ms. Landaverde served as professional liability team lead for small business clients and national accounts underwriter, both at AIG.
Munich Re US
Annamaria Landaverde
United States
USD $9.44 million
Middle East
USD $7.46 million
Canada
USD $5.64 million
United Kingdom
USD $5.05 million
Germany
USD $4.85 million
Average cost of a data breach
The top five countries or regions with the highest average cost of a data breach in 2022 were:
“[I]f we just provide an insurance policy, but we don’t help clients prepare [to face cyber threats], we’re not really adding any value to them, to their business model, or to their defense architecture in the long-term”
Hilario Itriago,
BOXX Insurance Inc.
Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Backed by leading global insurers Arch Insurance North America, Allianz, Ascot Group, Lloyd’s of London, Swiss Re Corporate Solutions, and Vantage, Coalition offers its Active Insurance products in the US and Canada and its security products to organizations globally. Coalition’s Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses remain resilient in the face of cyberattacks. Headquartered in San Francisco, Coalition is a distributed company with a global workforce that collaborates both digitally and in office hubs across the globe.
Find out more
Cujdik also expects to see more growth and maturity as recognition of cyber risk grows. She says, “Over the years, there's been huge payouts, [generating] more understanding of how events happen … so I see us actively moving toward writing better policies and helping our insureds better prepare for risks. Nobody wants to have an event. It's a scourge on the reputation of the company. It's tremendously stressful. It can be an event that bankrupts a company or shuts down a company. And so, really being proactive and helping to avoid those events – I think that’s what we're going to see more of in the future.”
CFC’s Groeber expects cyber insurers to make better use of data points – collected through active network monitoring and scanning, and contextualized with the use of intel feeds – to analyze cyber risks in a way that will benefit both carriers and clients. She says, “We need to connect the dots … to create solutions with a more mature view toward protections and enhanced cyber hygiene. I think we’re seeing that now, and we’ll continue to see that as we – the cyber insurance community – start to access more data points and rely on tools and technology to support the solutions we’re providing to clients.”
“We’re now starting to see the full picture from the 2018 to 2020 losses, and the impact of frequency and severity in those years. I think it'll take more time before we have enough evidence of continued improvement to really get more optimistic”
Annamaria Landaverde, Munich Re US
Landaverde sums up the situation nicely: “The one constant in cyber insurance over the last 20 years has been change. Therefore, I predict that we'll see new loss trends, a shifting cyber-risk landscape, and further maturity in the areas of innovative risk assessments, more clarity in policy wordings, and more predictive CAT modeling. If we could achieve more certainty in all of this and less volatility, then I think we will continue to see more capacity coming into this market, whether it's traditional capacity like we see today or more alternative capital capacity. Ultimately, the end game for us is long-term sustainability of the cyber market.”
Munich Re is one of the world's leading providers of reinsurance, primary insurance, and insurance-related risk solutions. Munich Re is globally active and operates in all lines of the insurance business. Since it was founded in 1880, Munich Re has been known for its unrivalled risk-related expertise and its sound financial position. Munich Re possesses outstanding innovative strength, and is playing a key role in driving forward the digital transformation of the insurance industry. Its tailor-made solutions and close proximity to its customers make Munich Re one of the world's most sought-after risk partners for businesses, institutions, and private individuals.
Find out more
Source: IBM, Cost of a Data Breach Report 2022
She says, “While it's been quite difficult for everyone to navigate, I think the positive is that clients should have a better view of what to expect over the next 18 to 24 months as compared to the uncertainty and instability they’ve had to navigate [in recent years].”
“While it’s been quite difficult for everyone to navigate, I think the positive is that clients should have a better view of what to expect over the next 18 to 24 months without having to prepare for significant changes”
Shannon Groeber,
CFC
authentication (MFA), secure remote desktop protocol (RDP), endpoint detection and response (EDR), and the segmentation of back-ups and different network capabilities.
“I refer to RDP as ransomware deployment protocol. It’s something that is commonly used by adversaries in order to deploy malware and exploit a policyholder”
Shawn Ram,
Coalition INC.
CFC executive vice president Shannon Groeber agrees that the market has “entered a new segment of stability” after almost two years of “swift changes” and market corrections. She says, “While it's been quite difficult for everyone to navigate, I think the positive is that clients should have a better view of what to expect over the next 18 to 24 months without having to prepare for significant changes like they have [in recent years].”
United States
USD $9.44 million
Middle East
USD $7.46 million
Canada
USD $5.64 million
United Kingdom
USD $5.05 million
Germany
USD $4.85 million
Average cost of a data breach
The top five countries or regions with the highest average cost of a data breach in 2022 were:
The number of material breaches respondents suffered rose 20.5% from 2020 to 2021
Cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.
From 2020-2021, cybersecurity became a strategic business imperative
The role of the chief information security officer (CISO) expanded, with many taking on responsibility for data security (49%), customer and insider fraud (44%), supply chain management (34%), enterprise and geopolitical risk management (30%), and digital transformation and business strategy (29%)
Cybersecurity Solutions for a Riskier World
*The study analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending.
Source: Source: ThoughtLab 2022
The number of material breaches respondents suffered rose 20.5% from 2020 to 2021
Cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.
From 2020-2021, cybersecurity became a strategic business imperative
The role of the chief information security officer (CISO) expanded, with many taking on responsibility for data security (49%), customer and insider fraud (44%), supply chain management (34%), enterprise and geopolitical risk management (30%), and digital transformation and business strategy (29%)
Cybersecurity Solutions for a Riskier World
*The study analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending.
Source: IBM, Cost of a Data Breach Report 2022
The number of material breaches respondents suffered rose 20.5% from 2020 to 2021
Cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.
From 2020-2021, cybersecurity became a strategic business imperative
The role of the chief information security officer (CISO) expanded, with many taking on responsibility for data security (49%), customer and insider fraud (44%), supply chain management (34%), enterprise and geopolitical risk management (30%), and digital transformation and business strategy (29%)
Cybersecurity Solutions for a Riskier World
*The study analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending.
Source: Source: ThoughtLab 2022
CONTACT US
SPECIALTY
BEST INSURANCE
RESOURCES
RISK MANAGEMENT
NEWS
Copyright © 2022 Key Media
Key Media
Insurance Business Australia
Insurance Business Canada
Wealth Professional Canada
People
Terms & conditions
Privacy policy
Conditions of use
About us
Contact us
RSS
Asia
NZ
AU
CA
US
UK
contact us
specialty
Best Insurance
Resources
RISK MANAGEMENT
News
Copyright © 2022 Key Media
People
Terms & conditions
Privacy policy
Conditions of use
About us
Contact us
RSS
Asia
NZ
AU
CA
US
UK
contact us
specialty
Best Insurance
Resources
RISK MANAGEMENT
News
Copyright © 2022 Key Media
People
Terms & conditions
Privacy policy
Conditions of use
About us
Contact us
RSS
Asia
NZ
AU
CA
US
UK