Welcome to the AXIS Cyber Risk Advisory INCYTE newsletter
We share information and perspectives relevant to cyber risk practitioners and defenders, including threat advisory and trends, upcoming events, and updates from the AXIS Incident Commander.
As we move into the second half of 2025, cybersecurity challenges continue to evolve. AI integration, shifting regulations, interconnected supply chains, and rising privacy litigation remain key risks. While cybercriminals refine their tactics, old-school threats like insider attacks and even snail-mail ransomware made an appearance—proving that no method is too outdated to be effective. Staying ahead requires constant vigilance and proactive defense strategies.
Upcoming Event
Join our upcoming INCYTE CE/CPD webinar on July 17, 2025 on Artificial Intelligence.
AXIS Incident Commander provides 24/7 technical triage and support to customers facing cyber incidents. We distill our front-line experiences into key lessons for all.
We are seeing a relatively consistent quantity of malicious incidents, with phishing and social engineering being the top causes of unauthorized access to enterprise infrastructure. However, for ransomware and on-premises intrusions, phishing ranks second to CVE exploitation, especially on perimeter appliances such as VPNs. Businesses should consider prioritising patching as soon as updates are released, and refer to the manufacturers’ website during the process for any best practice guidance. Additionally, businesses should consider prioritizing appliance log archival in incident response plans. These logs are crucial for forensics, but self-delete within 12-24 hours, unless connected to a Security and Information Event Management (SIEM)—and are often overwritten before forensics can request preservation.
To learn more about the services available from AXIS Cyber Risk Advisory, please contact CyberRM@axiscapital.com
This material is provided for informational purposes only and is not an offer to sell, or a solicitation to buy, any particular insurance product or service for a particular insured. It is intended for licensed insurance professionals. The services and service provider discussed in this document are suggested as risk mitigation and incident response resources. Use of AXIS Incident Commander does not constitute advice of any kind, and use of any service provider does not guarantee the performance or quality of the services provided, including the avoidance of loss, the fulfilment of any obligations under any contract or compliance with any law, rule or regulation. AXIS is not responsible for the effectiveness of a cyber risk management program and encourages each policyholder, together with advice from their professional insurance advisor, to perform its own independent evaluation of any service provider as part of its overall risk management strategy.
For information about our products and underwriting companies, please see https://www.axiscapital.com/product-information
