Inside a Cyber Attack: Essential Lessons for Insurance Executives

Cyber attacks are no longer just a tech problem—they are taking center stage in business leadership discussions. During a recent online panel hosted by Gia Snape, experts from Beazley, a global insurance company, gathered to share their firsthand experiences and insights on managing cyber crises, particularly for insurance professionals who play a key role in guiding clients through these events.

The panel included James Rizzo, a seasoned product leader with 17 years in underwriting; Catherine Heaton, a claims expert with a legal background; Francisco Donoso, Beazley Security’s chief product and technology officer; and Craig Linton, the head of U.S. underwriting management for cyber risk. Together, they painted a clear picture of the current cyber threat landscape and offered practical advice for businesses and insurers alike.

The discussion began with a surprising statistic: 83% of global executives believe their businesses are prepared to handle a cyber incident. However, the experts agreed this number was likely too optimistic. They emphasized that even companies with a plan can find themselves overwhelmed when a breach strikes, especially since cyber attacks today are more sophisticated and widespread than ever, often exploiting weak spots in the digital supply chain and vendor networks.

Francisco Donoso highlighted recent trends where attackers increasingly target cloud-based software and developers, knowing that a single breach can ripple across thousands of organizations. Catherine Heaton added that this has led to more damage beyond the initial victims, including a sharp rise in class-action lawsuits against companies affected indirectly through vendors and suppliers.

The panel also discussed how companies often struggle in the critical first 48 hours after an attack. Confusion tends to prevail, with teams unsure who should communicate updates or which systems to recover first. Francisco noted that many incident response plans are outdated, overly long, or missing key details, making them hard to follow when things get hectic.

To handle this, the experts stressed the need for businesses to work closely with their insurance carriers from the start. Insurers like Beazley offer more than just financial protection—they provide guidance, crisis management support, legal advice, public relations help, and more. Early reporting can prevent costly mistakes, while collaboration ensures a smoother recovery.

A major focus was on the evolving role of ransomware gangs and the legal issues surrounding ransom payments. Sanctions often complicate paying criminals, who frequently rebrand to evade restrictions. Experts warned that paying ransoms fuels these cybercrime businesses, which are constantly adapting and becoming more aggressive.

Looking ahead, the panel addressed the impact of artificial intelligence in cybercrime. AI is helping attackers launch more targeted and persistent attacks, while defenders struggle to keep pace. Both sides are racing to use AI tools, with defenders focusing on preemptive security measures to catch flaws before hackers exploit them.

When it comes to measuring cyber resilience, practical and straightforward methods were recommended. Keeping track of breaches, defining recovery goals, and communicating clearly with leadership using simple frameworks like NIST’s Cybersecurity Framework can help boards understand how prepared they truly are.

The conversation also touched on the role of regulators. Panelists noted that while some wish for perfection in cybersecurity, most regulations aim for reasonable measures. There is concern about holding individuals personally responsible, which raises the stakes further for organizations.

Finally, the panel urged companies not to rely solely on compliance checklists but to build strong, custom defenses that match their unique risks. As Francisco Donoso put it, focusing too much on compliance while neglecting actual security can leave organizations vulnerable.

In closing, the panel agreed that the best way for companies to protect themselves is to prepare thoroughly, partner with experts, and keep learning as the cyber landscape changes. This practical approach not only helps mitigate damage but also improves chances of a swift, successful recovery when attacks occur. For insurance professionals, staying informed and working directly with clients throughout the entire cyber event process is key to providing real value and minimizing losses.

Author

Sophia Langley runs real-life budget scenarios to recommend coverage mixes that protect households without sinking their monthly finances.