AXA XL's Danielle Roth focuses on cyber risks
Greater access and use of data offers insurers an opportunity to proactively work with clients to create the best risk mitigation approaches.
No one is more aware of how cyber risks have evolved over the last decade than Danielle Roth, the practice leader and head of cyber claims North America for AXA XL. With 19 years of experience in the insurance industry, Roth and her team assist clients with pre-incident services, guide them through the response in the event of a cyberattack, work with policyholders in defending privacy class actions and regulatory investigations, and provide insights for other E&O, technology-related and media claims. She has extensive experience on both the carrier side and as monitoring counsel for multiple carriers.
In her spare time, Roth enjoys reading, traveling and spending time with friends and family, and particularly appreciates the opportunities that come with living in New York City.
PC360: What opportunities do you see for insurers in terms of claims?
Roth: Our greatest opportunity lies in extending the use of technology for better data analysis. We’ve been in the cyber market for more than 10 years now, giving us enough data to help us identify patterns and claims trends.
It certainly helps us in terms of underwriting and pricing the risk, but it also gives us greater insights to share with our clients to help steer their risk mitigation efforts in the best direction.
Greater access and use of data and analytics offers a big opportunity to work with our clients to provide better cybersecurity guidance and pre-breach assistance, so they are better prepared in the event of a cyber-attack.
Automation offers some opportunities to streamline the process, but especially when dealing with the stress after a cyber incident, talking to someone can’t be replaced. People like having someone on the other side of the phone.
PC360: The talent shortage is still a very real concern for insurers. How can we bring more people into the insurance claims profession?
Roth: The industry is dealing with two issues with regard to the talent shortage. Of course, it’s attracting new talent, bringing people into the industry in the first place. But then, the issue becomes keeping them. Because of the shortage in the industry, competition among insurers is fierce.
To help build our team, we developed our own talent pipeline. In the beginning, we hired really experienced people. Now, we are hiring claims colleagues with less experience who are learning from our more experienced team ahead of them. As the team has grown there have been opportunities for advancement. In areas like cyber claims, we do have to look at non-traditional talent pipelines. A technical or IT background can be valuable in a claims position.
From a cyber claims perspective, managing cyber claims can really be pretty exciting. Getting that excitement out into the market to potential candidates is important. Junior claims handlers can come in and have an impact right away.
PC360: What types of claims are you most concerned about?
Roth: The current increase in ransomware is worrisome. While we may have seen a decrease in 2022, in the first half of 2023, we’re seeing an uptick.
Also, there has been a ton of data protection lawsuits. The regulatory environment has become much more onerous and that will have an impact on our insureds, as well as on claims and how we handle them.
PC360: What issues should insurers be monitoring over the next 12-18 months?
Roth: We need to keep an eye on regulatory changes on the state level – everything from the collection of biometrics to more privacy laws.
And on the federal level, the Securities and Exchange Commission (SEC) proposed new cyber regulations that will expand the obligations that a board and its directors have when their company is experiencing a cybersecurity event. It also changed the reporting of cyber incidents, requiring companies to report an incident within four days of determining that a breach has become material. It also proposed rules that require the adoption and maintenance of cybersecurity standards and practices, as well as risk management protocols for public companies.
There’s a growing realization now that privacy is important. A lot of this went unregulated for so long but that’s changing, giving us a lot to stay on top of.
PC360: What’s the best piece of advice someone has given you?
Roth: Aside from the strong work ethic that my parents passed on to me, I received two pieces of advice that have stuck with me my whole career. I was in an account management training program at Ogilvy & Mather, the global advertising agency.
Shelly Lazarus, who later became the chair of the agency, advised — hire your weaknesses. Her bit of advice was really focused on maximizing your strengths and surrounding yourself with people who could fill in your weaknesses.
She also said, “Look to your left. Look to your right. You’re each other’s future clients. Act accordingly.” She made us realize that we’d all be working for a long time and our paths may cross in very different ways throughout our careers. Certainly, don’t burn bridges. Focus on developing these relationships now.
Related:
Preventing social engineering fraud
Closing the gaps on cyber risks