AXIS

Global 24x7 rapid triage and support resource to help primary policyholders navigate a cyber incident and expedite approved service providers.

Overview session hosted by AXIS Cyber Risk Advisory, covering the latest resiliency services, details on Incident Commander, and ongoing engagement support.

A secure space for out-of-band communication and incident management, serving as a repository for critical documents to support response and recovery.

A remotely delivered tabletop drill designed for a policyholder’s executive team to experience a realistic cyber incident scenario, followed by an available after-action report. This two-hour session leverages the AXIS Safe Room (CYGNVS) platform to enhance communication and train the response team.

A strong starting point and practical guidance document, developed by cyber incident responders, to help customers measure and strengthen their plan.

Quarterly updates for cyber risk practitioners and defenders, featuring threat advisories, emerging trends, upcoming events, and guidance from Incident Commander.

• Incident Response Plan Workshop

  An interactive incident response plan reviewed by a cybersecurity expert, comparing the organization’s currentplan against best practices and providing clear, actionable recommendations for improvement.

• Breach Response Panel Information Sessions

  A one-hour consultative session with members of AXIS’s preferred provider panel, including Privacy Attorneys, Digital Forensics/Incident Response, Crisis Communications, and Forensic Accounting.

• Business Interruption Exposure Consultation ($)

  An assessment of the business interruption impact of a cyber incident, including potential losses, financial impact modeling, mitigation costs, technology resilience, and guidance on documentation retention to strengthen the organization’s business continuity plan.

• Customized Tabletop Exercise ($)

  A customized incident response tabletop exercise tailored to the organization’s unique exposures, regulatory requirements, and technical challenges. Delivered virtually, the session includes a written report provided during a debrief meeting.

• Ransomware Recovery Evaluation ($)

  A focused review of the organization’s ability to restore minimum viable operations following a ransomware event. This includes up to six critical business applications and the M365 (or equivalent) productivity suite, as well as an evaluation of back-up and recovery configurations, identity and access controls, and core infrastructure within a single environment. The report will provide an estimated recovery time and identify gaps that threaten data survivability.

• Bitsight Company Overview Report

  A snapshot of the policyholder’s BitSight Security Rating, including a historical overview of the company’s rating and overall security performance.

• LOKKER Privacy Risk Assessment Report

  A report to assess, identify, and mitigate web privacy risks at the organization, site, or URL level that could lead to a privacy breach, enforcement action, or lawsuit.

• Cyber Risk Workshops

  Expert-led workshops and consultative sessions that raise awareness of emerging threats and equip organizations with practical knowledge to strengthen cyber resilience across specific risk areas.

• Security and Awareness Training/Phishing ($)

  Implement one of several programs to customize and distribute end-user training content, including phishing simulations, with reporting and metrics.

• Virtual-CISO or -DPO Consulting

  A one-hour consultative session with a cybersecurity or dataprivacy expert to provide tailored guidance. Topics include data governance requirements, personal data processing and consent, opt-out and privacy rights, vendor due diligence, security controls, and prioritization of resilience investments.

• AI Regulatory Landscape Review

  Engage a third-party data privacy expert for a 30-minute session to review the current and emerging AI regulatory landscape and its potential impact on the organization.

• AI technical readiness workshop

  A one-hour workshop to guide organizations through their implementation journey toward AI-enabled services. Key topics include mitigating bias, data poisoning, privacy risks, and data security.

• Identity and Multifactor Authentication Gap Assessment

  Conduct a risk assessment to identify gaps in multifactor authentication (MFA), service accounts, and privileged access protection. Deliverables include a comprehensive risk assessment report and an identity incident response playbook.

• Attack Surface Evaluation

  An offensive security expert will assess the policyholder’s primary domain attack surface using asset discovery, passive scanning, and threat research, delivering findings on commonly exploited vulnerabilities.

• Third-party Cyber Risk Review ($)

  Cyber risk review of a critical third-party vendor, including an attack surface evaluation and a verbal consultation on best practices to manage risks.

• Penetration Testing Services ($)

  An expert team will conduct internal/external penetration testing, web application testing, social engineering, wireless/ physical testing, and/or ransomware simulation exercises.

• Dark Web Exposure Review ($)

  A rapid review of underground forums, the dark web, and other cybercriminal channels to identify any references to the policyholder. Findings will focus on a single brand and be presented in a verbal briefing, along with recommendations to mitigate high-risk issues.

• Cloud Application Security Review ($)

  Assess one Google Workspace or M365 tenant against security best practices and provide actionable recommendations to help enhance resiliency.