Skip to main content
  The Geneva Association
  • About us
    • Who We Are
    • Team
    • Board
    • History
    • Careers
    • Contact
  • Research topics
    • Climate Change & Environment
    • Health & Demography
    • Financial Inclusion
    • Digital Technologies
    • Cyber
    • Macro & Geoeconomic Shifts
    • Public Policy & Regulation
    • Evolving Liability
  • Publications
    • Research reports
    • The Geneva Papers
    • Articles
    • Annual reports
  • Events
    • Upcoming events
    • Summaries & Recordings
  • Awards
    • Women in Insurance Award
    • Ernst Meyer Prize
  • News & Media
Search
Subscribe
My Account Logout Subscribe
LinkedIn YouTube Instagram
Popular searches
PROGRES
Ernst Meyer Prize
Women in Insurance Award
Geneva Papers
Safeguarding Home Insurance
Reports
Events

Breadcrumb

  1. Home
  2. Events
  3. Cyber Conference 2024
Cyber Conference 2024

Cyber Conference 2024

Nov 11, 2024 - Nov 12, 2024
  • Twitter
  • Linkedin
  • Email
  • Facebook

New York City, kindly hosted by Axis

 

Enhancing the Role of Insurance in an Increasingly Hostile Cyber World


The cyber threat landscape is growing ever more hostile. Heightened geopolitical uncertainty and further breakdown in the international rules-based order is fuelling an escalation in malicious cyberattacks by state-sponsored threat actors and illicit groups such as ransomware or hacktivist gangs. Espionage and extortion are no longer their only goals. Increasingly, perpetrators seek to disrupt economic activity and even destroy key parts of critical national infrastructure. Continued technological advances are boosting the current and future capabilities of malevolent actors, even if they also offer hope of more robust cybersecurity defence.

Against that backdrop, this conference explored recent shifts in the risk environment and how far re/insurance can play a bigger role in boosting society’s cyber resilience – in particular, what innovations are required to enable the sector to assume more of the rare but extreme downside cyber risks facing households and firms.

DOWNLOAD AGENDA

Opening remarks: Vincent Tizzio

Vincent Tizzio, President & CEO, AXIS

Cyber insurance plays a pivotal role in protecting the global economy amidst escalating cyber risks. Collaboration, innovation and enhanced underwriting capabilities are needed for insurers to navigate the rapidly evolving threat landscape.

Limited risk-absorbing capacity to respond to large-scale cyber events is a challenge facing the insurance sector. Leveraging data, analytics and AI will be critical to improving loss prevention and claims management. The debate is also ongoing – particularly in North America – on the potential need for government-sponsored financial backstops to address catastrophic cyber risks.

Insurance-linked securities (ILS) are emerging as a means to expand capacity, with AXIS recently launching the industry's first fully-securitised cyber-ILS transaction. This area is gaining increasing interest from capital market investors.

Keynote speech: Anne Neuberger

Anne Neuberger, Deputy National Security Advisor of the United States

Global cyber threats are increasing in complexity, shifting from espionage to disruptive (and sometimes destructive) attacks on critical infrastructure. Ransomware is also a continuing menace, predominantly driven by criminal groups. Robust cybersecurity practices are urgently needed to mitigate these risks.

Closer collaboration between governments and the private sector, particularly the insurance industry, is needed to incentivise risk-prevention measures such as data encryption, multi-factor authentication and incident-response planning. Avoiding ransom payments (including reimbursements by insurers) is also important as they only perpetuate attacks. Enhanced intelligence sharing can also bolster firms’ cyber defences.

Attribution challenges persist in cyber, especially given the blurring of lines between nation-state threat actors and cybercriminals/’hacktivists’. Insurance plays a critical role in fostering proactive cybersecurity and aiding recovery from incidents, but innovation is paramount to keeping pace with evolving threats. Ultimately, public-private partnerships will help to strengthen economies’ resilience in an increasingly interconnected cyber landscape.

Panel 1: Dual-use Technologies and Cybersecurity Risks

Frank Schmid, Gen Re; Denis Mandich, Qrypt; Sasha Romanosky, RAND; David Stone, Google 

This panel discussed the complex interplay between advanced technologies, such as AI and quantum computing, in both enhancing and undermining cybersecurity. AI has emerged as a powerful tool for improving defences, such as detecting phishing attempts and securing endpoints, but it simultaneously lowers barriers of entry for attackers, enabling more targeted and frequent cyberattacks. While its potential for defending against threats is significant and continues to develop, attackers often outpace defenders in adopting new technologies to exploit known or latent vulnerabilities.

Quantum computing arguably poses an even greater challenge than AI, at least over the longer term. Its exponential power could ultimately break existing encryption standards like RSA which are vital for secure data transmission, raising the importance of a viable transition to post-quantum cryptography. However, this transition faces significant logistical and technical hurdles, with timelines spanning decades. The concept of crypto agility – quickly adapting to new encryption standards – is essential to mitigating this risk.

Social-engineering attacks, fuelled by ever more publicly available digital data, are becoming more sophisticated. Both technical defences and user education are needed to build resilience against such threats. A shift in cybersecurity priorities from pure defence to recovery and resilience is needed. Rapid recovery after cyber incidents is becoming a key focus area for organisations and insurers.

Safeguarding against risks from dual-use technologies requires a multi-faceted approach involving public-private collaboration, advancements in encryption and organisational emphasis on resilience. Proactive efforts to address vulnerabilities and adapt to evolving threats are critical in navigating rapidly changing technologies.

Panel 2: Evolving Third-party Liabilities in Cyber

Danielle Roth, AXA XL; Terence Coates, Markovits, Stock & DeMarco; Al Saikali, Shook Hardy

This session explored growing third-party liabilities arising from cyber incidents, focusing on the legal and regulatory challenges faced by businesses in an era of increasing data breaches and privacy concerns. There is a rise in class-action lawsuits driven by data misuse, wrongful collection and emerging liabilities beyond traditional breaches, such as companies’ use of tracking technologies like pixels and cookies.

Plaintiff attorneys are leveraging new legal theories and evolving case law to target even small-scale breaches. Meanwhile, defendants face mounting legal costs due to the increasing volume and complexity of these cases, with procedural mechanisms, such as motions to dismiss and class certifications, becoming increasingly pivotal stages in litigation. Regulatory developments, particularly around privacy laws and enforcement by state attorneys general, add further complexity.

In order to mitigate risks and better understand the implications of rapidly changing legal landscapes, organisations should ensure transparency in data-collection practices, adopt robust cybersecurity measures and engage experienced legal and risk-management teams.

Panel 3: Product Development in Cyber Re/insurance

Brian Lewis, Lockton Re; Lori Bailey, AXIS; Gordon Malin, Elpha Secure; Rachel Patrizzo, HSB; Matt Prevost, Chubb 

This panel focused on the evolution of cyber-insurance products in response to the evolving risk landscape and increasing demand for innovative solutions. Cyber-insurance penetration is low among small and medium-sized enterprises (SMEs), despite their relatively high exposure to cyber risks. Offering value-added services, such as security-scanning tools, threat advisory and education, could incentivise insurance adoption. 

For larger organisations, the integration of technology, such as advanced risk engineering and real-time vulnerability scanning, is crucial for both underwriting precision and improving insureds' security postures.  Aligning premiums and coverage terms with security practices, like multi-factor authentication and endpoint detection, is also a way to promote better risk management.

The industry needs to differentiate between attritional losses and systemic risks. Solutions such as bifurcating the product or designing specific endorsements for catastrophic events can help manage capacity and ensure sustainable market growth. However, challenges remain in balancing innovation with the need for standardised policy language, particularly around exclusions for war, terrorism and critical infrastructure failure.

Overly broad policies that attempt to cover both first- and third-party risks are concerning: clearer terms are needed to improve transparency and policyholder understanding. Despite these challenges, the industry has the promising ability to innovate and adapt while fostering growth through collaboration, improved risk assessment and better education for buyers and brokers alike.

Panel 4: Institutional Innovations that Can Promote Catastrophic Cyber Risk Transfer

Simon DeJung, AXIS; Aidan Flynn, Beazley; Tom Johannesmeyer, University of Kent, Canterbury; Institute of Cyber Security for Society (iCSS); John Kelly, Envelop Risk Analytics; Joanna Syroka, Fermat Capital Management; Josephine Wolff, Tufts University

This session explored how to facilitate the transfer of catastrophic cyber risks to balance sheets best able to absorb them and examined institutional innovations that could overcome related challenges. There are gaps in market capacity for extreme cyber losses, and it is difficult to model and underwrite systemic cyber risks, such as nation-state attacks, critical infrastructure failures or widespread internet outages. Quantifying and pricing such risks is complex, and there is limited appetite for covering them in traditional re/insurance markets, particularly without governmental backstops or further innovation in risk-sharing mechanisms.

Reinsurance and ILS have a role to play in absorbing large-scale risks, with some stakeholders advocating for broader adoption of non-proportional (i.e. excess-of-loss) reinsurance solutions. However, a lack of industry consensus on event definitions, such as cyber war and critical infrastructure failure, and on the implications of policy exclusions hinders market growth.

Government backstops are part of a potential solution, though there are differing views on whether such intervention would stifle innovation or provide the necessary confidence among re/insurers to expand capacity. Examples from other lines of insurance, like terrorism or natural catastrophes, were referenced to illustrate possible frameworks for collaboration between the public and private sectors. It is important to foster greater market maturity and improve modelling capabilities to better understand catastrophic cyber events.

Overall, balanced approaches that enable risk sharing without discouraging innovation or creating unintended gaps in coverage are needed. 

 

 

Related research

Cyber Risk Accumulation: Fully tackling the insurability challenge
Ransomware: An insurance market perspective
Insuring Hostile Cyber Activity: In search of sustainable solutions

Related Content

Programme on Regulation and Supervision 2025

Programme on Regulation and Supervision 2025

Sep 16, 2025
Conferences
Evolving Liability Conference 2025

Evolving Liability Conference 2025

Mar 24, 2025
Conferences
Economic Forum 2025

Economic Forum 2025

Mar 12, 2025
Conferences
Health & Demography Conference 2025

Health & Demography Conference 2025

Feb 27, 2025
Conferences
Cyber Conference 2024

Cyber Conference 2024

Nov 11, 2024
Conferences
Climate Change & Environment Conference 2024

Climate Change & Environment Conference 2024

Oct 15, 2024
Conferences

Related Content

Programme on Regulation and Supervision 2025

Programme on Regulation and Supervision 2025

Sep 16, 2025
Conferences
Evolving Liability Conference 2025

Evolving Liability Conference 2025

Mar 24, 2025
Conferences
Economic Forum 2025

Economic Forum 2025

Mar 12, 2025
Conferences
Health & Demography Conference 2025

Health & Demography Conference 2025

Feb 27, 2025
Conferences
Cyber Conference 2024

Cyber Conference 2024

Nov 11, 2024
Conferences
Climate Change & Environment Conference 2024

Climate Change & Environment Conference 2024

Oct 15, 2024
Conferences
The Geneva Association

Subscribe to our updates

About us

Research topics

Publications

Events

Awards

News & Media

Contact us

Terms & Conditions

Follow us on social media

LinkedIn Instagram YouTube

© Geneva Association

Admin

INSURANCE FOR A BETTER WORLD