Cyber Incident Room: AI-Generated Phishing Email

It’s Friday at 4pm. A mid-market software company is haemorrhaging customer data and source code, and the attacker is already using what they’ve stolen – sending AI-generated phishing emails to the company’s own customers, mimicking internal tone and terminology with unsettling precision.

In this episode, Martin Heyde Head of Incident Response at CFC steps into the Cyber Incident Room to walk through exactly how a response like this unfolds: who gets called, what the first report gets wrong, and the moment you realise the claim is going to be bigger than anyone wanted to admit.

 Martin also brings a perspective few responders have, having worked both sides of the insurer relationship, and gives a refreshing take on what the insurance industry often misunderstands about how companies actually behave under pressure.

We’ll be discussing frameworks for identifying concentration exposures in your portfolio, 3 realistic catastrophe scenarios with estimated impact ranges, and shared methodology for stress testing that both primary and reinsurer teams can use in renewals discussions.

What We’ll Tackle:
1. Cloud Infrastructure Aggregation
– Identifying hidden concentrations across AWS/Azure/GCP
– Business interruption triggers from single cloud provider failure

2. Software Supply Chain Dependencies
– Modeling downstream impact of critical vendor compromise
– CrowdStrike-style scenarios – operational failure vs. malicious attack

3. Correlation vs. Independence Assumptions
– Where current models underestimate simultaneous claims
– Geographic/sector diversification – does it actually reduce systemic risk?

4. Realistic Loss Scenarios & Stress Testing
– Building credible catastrophe scenarios with limited historical data
– PML estimates reinsurers will accept vs. what actuaries can defend

Why Now?
Reinsurers are increasingly challenging primary insurers’ accumulation assumptions, while regulators demand stress testing that current models can’t support. With limited historical data for systemic cyber events, both sides need new approaches to quantify concentration risk.

Attendees:
– Head of Cyber Cat Modeling/Portfolio Management
– Chief Actuary / CRO
– Reinsurance Brokers
– Reinsurer Underwriters & Cat Modelers

Participants

THis episode's Guest

Martin Heyde

Martin Heyde

Head of Incident Response @ CFC

Rick Caccia

Rick Caccia

CEO @ WitnessAI