Cyber insurance has moved from the back office to the boardroom. At Tokio Marine Kiln (TMK), it now begins with daily scans of clients’ networks and real-time alerts about live vulnerabilities - a proactive model that reflects how far the market has come.
“When I joined the cyber team in 2011 … there were a handful of insurers offering cyber coverage,” said Laila Khudairi (pictured), head of cyber at TMK. “A lot of my job was doing lunch and learns, broker education, teaching them about the product.”
What began as an indemnity-focused policy has grown into a critical part of enterprise risk strategy. “It evolved into incident response being as important as the indemnity,” Khudairi said. “Now … the real partnership is between insurer and client, helping them risk manage and reduce their exposures.”
That shift is embedded in TMK’s “Cyber Ctrl” suite, which now offers daily network scans and targeted alerts. “We utilise an in-house tool to scan every insured’s network daily,” she said. “We make between three and five updates to that tool every week, dependent on either claims we’re seeing, or more widely threats that are going on elsewhere.”
In addition to technology, TMK also guides clients to selected vendors. “There can be a lot of over-promising and under-delivery,” said Khudairi. “That’s why we take the time to hand-select those services, so our insureds can find and work with the right vendors.”
Asked what’s keeping CISOs up at night, Khudairi points to two trends. First, the increasing risk posed by third-party vendors. “You do not have full visibility of the vendor’s security,” she said. “You could end up having something within your system that you don’t even know is vulnerable.”
The second is a new class of threat actors using advanced social engineering techniques. “They’re far more believable … A number of the cyber incidents we’ve seen this year have emanated from that,” said Khudairi. With native English speakers and access to AI, attackers are now able to craft messages and impersonations that are strikingly credible.
“Impersonation is so much more believable with AI … That makes social engineering attacks far more likely to succeed,” Khudairi said. But AI isn’t solely a threat. “Endpoint detection and response - it’s highly utilised and we support it massively in terms of a defence tool. EDR will improve as AI improves.”
Cyber insurance has been criticised as reactive. But Khudairi said that’s changing. “Every claim we have feeds into [our internal] tool to help prevent future losses for our insureds,” she said. “We are acutely aware of the knowledge and experience that we have and ensure that we utilise that to help our entire portfolio.”
Reducing insureds’ exposure, not just covering it, has become central to how TMK approaches cyber risk. “Humans are often the weakest link in cybersecurity … that combination of the [AI] and English-speaking hackers is a real worry,” said Khudairi. “The partnership and collaboration has to be the priority of insurers in the market.”
