Hiscox news - Issue 17

Facing up to the changing terrorist threat

Businesses caught up in a terrorist or active shooter event must recognise the importance of demonstrating command and control, clear and effective communication, and the need to empathise with victims and victims’ families during a crisis event involving mass casualties, according to Rick DesLauriers, former FBI Special Agent in Charge of the Boston Division.

Strong partnership with law enforcement

Speaking at Hiscox London Market’s “Leading the way in emerging risks” event at the RIMS conference in Boston on 30 April, DesLauriers – who led the hunt for the Boston Marathon bombers – also added that businesses need to make sure that they already have strong law enforcement partnerships in place prior to the onset of a crisis.

“Having strong relationships in place with the key people you will need to deal with in a crisis situation, under a ton of pressure, is so important in effectively dealing with and mitigating the situation,” Rick DesLauriers, former FBI Special Agent

Addressing over 120 brokers and risk managers, DesLauriers took delegates through the events of the 2013 Boston Marathon bombing investigation, delivering an inspiring account of what took place as he led the hunt for the Tsarnaev brothers – the terrorists responsible for the bombing.

Following his presentation, DesLauriers joined panellists Richard Halstead (Line Underwriter for War, Terrorism and Political Violence, Hiscox), Wendy Peters (EVP, Global Head of Terrorism and Political Violence, Willis Towers Watson) and Shawn VanSlyke (Principal, Control Risks) to discuss the changing nature of terrorism and the challenge of dealing with active shooter incidents carried out by home grown violent extremists.

Home grown extremists

“When we think about active shooters”, said Shawn VanSlyke, “we think about the spectrum of motivations which may include terrorism or some sort of ideology. But when it comes to lethal violence, especially in a corporate environment or workplace, we think it’s important to consider the broader spectrum of potential motivations.”

“For many of the active shooters – in the last three years there have been over 70 active shooter attacks in the U.S., with 800 casualties including 300 people killed – a mix of motivations are involved,” added VanSlyke. “The primary grievance may or may not involve some kind of ideology, or extremist view. We now know that active shooters displayed multiple concerning behaviors over the weeks leading up to the attack that were observable to others around the shooter. The most frequently occurring concerning behaviors were related to the active shooter’s mental health, problematic interpersonal interactions, and leakage of violent intent. But the biggest difference for us is in terms of prevention is when someone is becoming self-radicalised; those around them do notice but it’s usually family members and close friends who are hesitant to go to authorities.”

DesLauriers reinforced the importance of communication and joined up law enforcement and thought it was likely that errors in this area led to the failure to stop the recent bombings in Sri Lanka.

No grey areas for insurance

The panel also discussed the importance of the insurance industry evolving with the risk and leaving no grey areas of coverage for clients. “You don’t have to be the target to be the victim,” Richard Halstead explained. “With different events taking place in different parts of the world, the impact on businesses leads to significant disruption on people and revenue. The insurance market has to make sure we are leaving no grey areas on what’s covered for our clients.”

Dealing with the aftermath

As well as financial protection, insurers have a key role to play in helping clients mitigate the risk, manage the crisis and support clients through the post-event aftermath. “We have been experiencing with some of our clients what the aftermath of a crisis is like and what happens when stakeholders come back to them challenging what they had done from a prevention perspective to stop this type of event from happening. Most of our clients, at least historically, have not had that kind of security plan in place. This is something that is now critical and an important part of every business’s risk management platform,” said Wendy Peters.

Hiscox Cyber Readiness Report 2019

London, UK (23 April 2019) – A sharp increase in the number and cost of cyber attacks is the key finding in a study of 5,400 organisations across seven countries, commissioned by insurer Hiscox. More than three out of five firms (61%) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.

The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands. Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10% achieved high enough marks in both areas to qualify as cyber security ‘experts’.

Among the key findings:

  • Cyber attacks reach a new intensity: More than three in every five firms (61%) experienced a cyber incident in the past year, up from 45% in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted.
  • More small and medium-sized firms attacked this year: While larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (defined as those with less than 50 employees) reporting an incident is up from 33% to 47%. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36% to 63%.
  • Cyber losses soar: Among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61%. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.
  • More firms fail cyber readiness test: Using a quantitative model to assess firms for their cyber readiness, only one in ten (10%) achieved ‘expert’ status this year, slightly down from 11% in 2018. Nearly three-quarters (74%) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
  • Cyber security spending up by a quarter: The average spend on cyber security is now $1.45 million, up 24% on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67%) plan to increase their cyber security budgets by 5% or more in the year ahead.

Gareth Wharton, Hiscox Cyber CEO, commented: ‘This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyber attacks in the past 12 months. Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today. The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.’

The study also shows:

  • Wide disparity in readiness scores: Overall, US, German and Belgian firms score highest on the cyber readiness model, while more than four-fifths of French firms (81%) are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9%.
  • Cost figures skewed by large incidents: Among firms that were targeted by hackers, there has been a sharp rise in the cost of the biggest single incident reported in the past year. The mean cost has jumped from $34,000 to a fraction under $200,000.
  • Supply chain incidents now commonplace: Nearly two-thirds of firms (65%) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. The majority of firms (54%) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.
  • Reasons to be optimistic: The proportion of firms with no defined role for cyber security has halved in the past year – from 32% to 16% - and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47% to 32%). New regulation has also prompted action, with 84% of Continental European firms saying they have made changes following the advent of the General Data Protection Regulation (GDPR). The figure for UK firms is 80%.
  • Rising uptake of cyber insurance: More than two out of five firms (41%) say they have taken out cyber cover in the past year (up from 33% in 2018). A further 30% plan to take out cover in the year ahead. More than half of larger firms now have cover but only 27% of small firms.


For further information please contact:

On behalf of Hiscox Ltd
Caroline Cecil                +44 (0) 20 7610 4110                 [email protected]

Notes to editors

A full copy of The Hiscox Cyber Readiness Report 2019 can be accessed at www.hiscox.co.uk/cyberreadiness from 23 April 2019.

About the study

Hiscox commissioned Forrester Consulting to assess organisations’ cyber readiness. In total 5,392 professionals involved in their organisation’s cyber security effort were contacted (1,000-plus each from the UK, US, and Germany, and 500 each from Belgium, France, Spain and the Netherlands). Drawn from a representative sample of organisations by size and sector, these are the men and women on the front line of the business battle against cyber crime. Respondents completed the online survey between 12 October and 7 December 2018.

About The Hiscox Group

Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle. It’s a long-standing strategy which in 2018 saw the business deliver a profit before tax of $137.4 million in a challenging year for insurers.

The Hiscox Group employs over 3,300 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the US, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS.

Our values define our business, with a focus on people, quality, courage and excellence in execution. We pride ourselves on being true to our word and our award-winning claims service is testament to that. For more information, visit www.hiscoxgroup.com.

Download the Hiscox Cyber Readiness Report 2019.

Carnegie joins Hiscox to head up commercial property team

Paul Carnegie has joined Hiscox London Market as Line Underwriter for Commercial Property, with a focus on US business. Formerly at Ed Broking where he ran its North American MGA – Globe Underwriting – as well as being the COO of Globe UK, Carnegie began his insurance career at Kiln (now Tokio Marine Kiln) before moving into a variety of roles including at a wholesale MGA in New York.

Commenting on his new position, Carnegie says: “I saw that Hiscox, with its innovative products like FloodPlus and BindPlus, is one of the few companies putting significant money and effort into how it transacts business and is constantly looking to improve its distribution.

“Hiscox has a young team of people who want to push our industry forward, while we also have a readymade platform to change the way that the market in London operates and that’s very exciting to me.”

Heading up a team of five in London, Carnegie reports to Simon Morgan – Head of Property at Hiscox London Market, who comments: “Paul has worked at almost every stage along the insurance chain from his stints at a US MGA, wholesale broker, London broker, a London MGA and a Lloyd’s syndicate, which makes him superbly qualified to lead our Commercial Property team. He understands the pain points for our customers and will be a real asset to us as we continue to evolve our products and the way we service our clients.”

“It’s a rapidly changing marketplace and risk transfer is now very different,” adds Carnegie. “We have to make sure we constantly reassess our value proposition in commercial property, what we bring to the market and how we can better support our MGA partners and get our products to clients more efficiently.”

Hiscox Ltd full year results

Group key performance indicators 

For the year ended 31 December 2018



  • Profit before tax tripled to $137.4 million (2017: $39.7 million), with a strong underwriting result of $148.0 million (2017: $43.0 million) in another busy year for claims. 
  • Gross premiums written grew by 15.0% with double-digit growth in all segments.
  • The standout performer was Hiscox London Market, which returned to growth and profit after three years of disciplined cycle management.
  • Hiscox Retail wrote over $2 billion of premium and served one million customers for the first time, and its profits cover the dividend for the third consecutive year.  
  • Hiscox Re & ILS was impacted by a second year of significant natural catastrophes and some large individual claims. Kiskadee Investment Managers’ assets under management now at $1.5 billion.
  • Ongoing investment in brand and infrastructure to capture long-term growth opportunity continues.

Click here for the full report