Why has supplier risk become a major cybersecurity issue?
Supplier risk is significant, but it does not fully describe the challenges currently facing businesses. At AXA France, we mainly support SMEs and mid-cap companies, which are less focused on managing their supply chain than on direct protection. Thanks to our partnership with Board of Cyber, we give them access to technology that was previously reserved for large groups: scanning their external exposure surface. This is a necessity, because according to the AXA White Paper, 36,000 scans are performed every second worldwide by cybercriminal groups to identify security vulnerabilities to exploit. Identifying your weak points reduces the likelihood of being attacked and shows your partners that you are a strong link in a trusted ecosystem.
How does the Security Rating® solution fit into your underwriting approach?
This solution has become an essential tool, as it serves first and foremost to raise awareness among executives, who are often unaware of their actual level of exposure. AXA France's intermediaries can show them their security rating and attack surface: this is very concrete and helps raise awareness. We require a minimum cyber rating to underwrite cyber insurance, but if a company falls below this, we support them and advise them on the corrective measures to take in order to qualify for insurance. The aim is not to exclude companies, but to help them improve their cyber maturity. The cyber rating therefore serves as both an educational tool and a driver for continuous improvement, as the company will be able to benefit from it throughout the term of the contract.
‘Our goal is to help our customers improve their cyber maturity’ - Thierry PITON
Beyond insurance, how does AXA France support its customers?
Our ‘Global Cyber Secure’ offering combines several sovereign solutions to support our customers over the long term. The first pillar is Board of Cyber for attack surface scans and cyber ratings. The second is Kamaé, a training and testing platform designed to increase employee vigilance. These two solutions, offered in every policyholder's contract, address technical and human vulnerabilities respectively. They will soon be complemented by a Managed Detection & Response (MDR) solution at a preferential rate, to detect and stop attacks as quickly as possible. We complement this support with an ecosystem of partners who cover needs such as auditing, remediation, compliance and the implementation of business continuity plans.
About Thierry Piton
Thierry Piton is the national cyber risk underwriting advisor for AXA France. He has spent most of his career in insurance and risk management, first at Sagemcom, then at Altradius and Euler Hermes – now Allianz Trade – before joining AXA France in 2018. He is also a reservist and cyber threat expert with the Office for Combating Cybercrime (OFAC).
