Cyber Incident Room: €800,000 ransomware tear

In this episode, Andrew Saula Head of Cyber Security for Baobab, steps into the Cyber Incident Room to work through a claim in real time: what the first call actually sounds like, how you handle a client whose IT support is the operations manager’s nephew, and the question that quietly changes the temperature in the room. 

He’s also been flagging their weak credentials for months. which raises the harder conversation about what insurers owe policyholders who don’t know what to do with the warnings they’re given.

 

 

It’s Monday morning. A family-run logistics company with 40 years of history has had ransomware tear through their network over the weekend. Dispatch is down, the customer database is gone, and there’s an €800,000 ransom note with a 48-hour clock. The CEO keeps saying: “We’re just a logistics company, why would anyone target us?”

Andrew, welcome to the Cyber Incident Room.

We’ll be discussing frameworks for identifying concentration exposures in your portfolio, 3 realistic catastrophe scenarios with estimated impact ranges, and shared methodology for stress testing that both primary and reinsurer teams can use in renewals discussions.

What We’ll Tackle:
1. Cloud Infrastructure Aggregation
– Identifying hidden concentrations across AWS/Azure/GCP
– Business interruption triggers from single cloud provider failure

2. Software Supply Chain Dependencies
– Modeling downstream impact of critical vendor compromise
– CrowdStrike-style scenarios – operational failure vs. malicious attack

3. Correlation vs. Independence Assumptions
– Where current models underestimate simultaneous claims
– Geographic/sector diversification – does it actually reduce systemic risk?

4. Realistic Loss Scenarios & Stress Testing
– Building credible catastrophe scenarios with limited historical data
– PML estimates reinsurers will accept vs. what actuaries can defend

Why Now?
Reinsurers are increasingly challenging primary insurers’ accumulation assumptions, while regulators demand stress testing that current models can’t support. With limited historical data for systemic cyber events, both sides need new approaches to quantify concentration risk.

Attendees:
– Head of Cyber Cat Modeling/Portfolio Management
– Chief Actuary / CRO
– Reinsurance Brokers
– Reinsurer Underwriters & Cat Modelers

Participants

Guests

Phil Venables

Phil Venables

Partner @ Ballistic Ventures

Rick Caccia

Rick Caccia

CEO @ WitnessAI