When you search for AXIS cyber information, you'll find product names like AXIS Cyber Technology & Media, AXIS Cyber Infrastructure, and AXIS Cyber Marine. But in broker conversations—especially those focused on mid-market risk—you're more likely to hear "ACTM." That's because ACTM isn't just a nickname. It's the entire product architecture that matters to how you position, underwrite, and place accounts.
ACTM stands for AXIS Cyber Technology & MPL (Media, Professional Liability). It's the carrier's primary vehicle for mid-market cyber and liability accounts with up to $2 billion in annual revenue [1]. Understanding ACTM means understanding not just what AXIS covers, but how they package coverage and what that means for your submission strategy.
Why Brokers Search "ACTM" Instead of "AXIS Cyber"
The public AXIS product page makes the strategic intent clear: ACTM offers "customizable combinations of cyber and liability coverages to fit small, middle-market, and large businesses." That phrasing—"customizable combinations"—is the key insight [1].
AXIS recognized a real market gap. Many brokers work with clients whose risk exposures don't fit neatly into "cyber-only" or "professional liability-only" silos. A software firm needs coverage for data breach AND technology errors & omissions. A digital agency needs cyber coverage AND media liability for client IP infringement claims. A financial-technology startup needs cyber coverage AND crime/social-engineering coverage AND professional liability.
Traditional cyber carriers solve this problem by stacking separate policies, which creates overlap, coverage gaps, and coordination headaches. ACTM solves it differently: you build the policy around your client's exposure mix.
That's why brokers search for "ACTM." It's not the default cyber product. It's the one you choose when you need modularity without sacrificing underwriting depth.
The ACTM Product Architecture
ACTM is available on both admitted and non-admitted (surplus lines) basis depending on your state and jurisdiction [1]. For brokers, this means flexibility: you can place the same product through standard channels or surplus lines depending on state availability and client preference.
Coverage Limits and Structure
ACTM supports up to $25 million in combined limits [1]. For most mid-market accounts, that's plenty; for enterprises approaching $2 billion in revenue, higher limits may require escalation to AXIS Cyber Infrastructure (ACI). The product is designed to accommodate waiting-period structures (common in business interruption), cloud service outages, and public utility disruptions—all relevant to modern data-driven businesses.
The Modular Packaging Advantage
Here's what makes ACTM different from traditional cyber policies:
Cyber Liability covers the traditional breach response: forensic investigation, notification costs, credit monitoring, business interruption from network outage, and recovery expenses [1].
Business Interruption (BI) covers loss of income and extra expenses from interruption to the insured's network or a service provider's network. AXIS specifically contemplates cloud service outage and public utility outage scenarios, which matters for SaaS companies and cloud-dependent operations [1].
Crime covers financial loss from cyber crimes: computer fraud, social engineering, diverted receivables, theft of telecom/data transmission/utility services, and funds-transfer fraud (can be added). Includes costs to investigate, reverse, or correct fraudulent transfers [1].
Extortion covers ransom-demand response costs, legal representation to communicate with law enforcement and address OFAC compliance concerns, and first-72-hour flexibility [1].
Incident Response includes fraud protection and notification services, plus post-incident consulting. AXIS pairs this with their Cyber Incident Commander panel—pre-vetted breach coaches, forensic investigators, and crisis communications specialists [1].
Technology Errors & Omissions (E&O) for technology service providers, custom developers, tech consultants, and software firms. Covers liability from technology services you deliver [1].
Media Liability covers defamation, invasion of privacy, and copyright/IP infringement claims. Relevant for digital agencies, content firms, and media-heavy tech companies [1].
Network Security Liability covers payment card compromise and network interruption claims [1].
The point: you're not forced to take cyber + liability in fixed proportions. You package the coverage your client actually needs.
The Public Application Library
One of AXIS's unusual strengths is transparency in their underwriting approach. ACTM has a published application library available to brokers [1]:
- Main Application: The primary underwriting vehicle for most accounts, covering business profile, IT infrastructure, security controls, incident response readiness, and compliance requirements
- Ransomware Supplemental: Deep-dive on ransomware-specific controls (RDP, MFA, patch targets, EDR, SOC/MSSP coverage, email authentication, end-of-life systems)
- Small Business Application: Streamlined version for smaller accounts or simpler risk profiles
- Industry Supplementals: Additional forms for retailers, manufacturers, utilities, and other specialized sectors
- Renewal Application: Simplified form for renewal underwriting of existing ACTM policies
This transparency means two things for brokers:
First, you can see exactly what AXIS expects before you submit. No surprises at underwriting—the bar is public.
Second, you can prepare your client strategically. If a renewal application is simpler than the initial application, you know to front-load evidence during the first submission. If a ransomware supplemental is likely, you can coordinate that evidence collection early.
What AXIS Looks for in ACTM Submissions
AXIS underwriting on ACTM is disciplined and evidence-based. They're not checking boxes; they're assessing operational maturity. Here are the core evaluation areas:
Asset Visibility & End-of-Life Management
Before AXIS even evaluates your security stack, they want proof of asset visibility. Do you maintain an up-to-date hardware and software inventory? Is it automated or manual? What percentage of assets are tracked? How often is it refreshed?
For end-of-life systems—legacy hardware and unsupported software—what controls are in place? Are EOL systems tracked, segmented, monitored, and on a decommissioning roadmap? This signals operational maturity [2].
Centralized Logging & Security Operations
Does the organization have a SIEM (Security Information and Event Management)? If so, what does it cover? Is network-log coverage complete, or partial? How frequently are logs reviewed? How long are they retained?
More importantly: is there a SOC (Security Operations Center) monitoring these logs? Is it staffed 24/7/365, or on business hours? Can SOC staff take corrective action, or are they escalation-only? If using an MSSP (Managed Security Service Provider), what are their notification and response time SLAs?
This is where AXIS distinguishes between "we have logging" and "we have active security operations." The difference matters significantly for claims outcomes [2].
Hardened Configurations Across Your Stack
AXIS asks about security hardening across multiple layers: laptops, workstations, mobile devices, web applications, servers, databases, and security applications themselves. This isn't a checkbox; it's about demonstrating that your client has a standardized configuration management program that extends across the entire environment.
How often are hardened configurations reviewed and updated? Are they enforced via Group Policy, configuration management tools, or manual deployment? This is especially important for remote-first organizations where endpoint consistency can drift [2].
Backup Architecture & Restoration Testing
This is one of the highest-leverage areas in the ACTM application. AXIS expects:
- Segmentation: Are backups segregated from production systems so a ransomware infection doesn't immediately destroy backups?
- Access controls: Are backup service accounts unique and stored separately from production admin credentials?
- Encryption: Are backups encrypted, and are encryption keys stored offline (not on the backup storage system)?
- Immutability: Are backups write-once, preventing modification or deletion?
- Offline movement: How frequently do you move backup data offline or to an air-gapped location?
- Restoration testing: How often do you test full or large-scale restoration? (AXIS expects at least quarterly; monthly is better.)
- Redundancy: Do you have hot sites, warm sites, snapshots, or failover environments configured for critical systems?
If your client can't document regular restoration testing, AXIS will almost certainly request it before quote. This is foundational to ransomware recovery and claims defense [2].
DLP, Encryption, and Data Controls
Does the client use Data Loss Prevention (DLP) tools? Do they block transmission of sensitive data off the network? Is removable storage (USB drives, external hard drives) monitored and restricted? Are alerts configured for exfiltration, deletion, or unusual data movement?
For organizations that handle PCI, HIPAA, or other regulated data, these controls directly impact compliance and underwriting risk [2].
Email Security & Microsoft 365 Posture
AXIS asks about specific email-security controls: DKIM, DMARC, SPF, malware/phishing/SPAM blocking, malicious-attachment blocking, macro disabling, sandboxing, external-email tagging, and quarantine processes.
If the client uses Microsoft 365, AXIS specifically asks about:
- Microsoft Defender for Office 365 (ATP): Is it enabled?
- Microsoft Secure Score: What's the percentage? (AXIS expects 80%+)
This is a high-SEO area in the ACTM form. It's concrete, technical, and directly relevant to MSP operators and IT managers who often prepare the application [2].
Firewall & Segmentation Hygiene
AXIS expects:
- External firewalls for perimeter defense
- Internal firewalls between network segments
- Default passwords changed on all network devices
- IP filtering for known-malicious addresses
- Documented firewall policies with change control
- Separation of development, testing, and production environments
- Least-privilege network access
- Access reviews (quarterly minimum)
The principle: intentional segmentation of high-value assets, not a flat network [2].
Why ACTM Fits Specific Account Profiles
ACTM is not the right product for every account. It's designed for mid-market businesses whose exposures are more complex than traditional cyber-only policies. The best candidates include:
Technology Service Providers: Custom software developers, managed IT service providers, tech consultants. They need cyber liability for breach response, but also technology E&O for errors in the services they deliver. ACTM bundles both [1].
Digital & Media Firms: Digital agencies, content creation companies, design studios. They need cyber coverage for data breaches, plus media liability for copyright, IP infringement, and privacy claims from client work. ACTM packages both [1].
Data-Driven & SaaS Companies: SaaS platforms, analytics firms, data intermediaries. They need cyber coverage for breach response, plus crime/extortion for social engineering and ransom demands, plus business interruption for cloud outages. ACTM covers all [1].
Financial Technology: Fintech firms, lending platforms, payment processors. They need cyber, crime, extortion (ransom demands), business interruption, and professional liability. ACTM's modularity handles the mix [1].
E-commerce & Marketplaces: Online retailers, marketplace operators. They need cyber for breach response, business interruption for site outages, crime for fraud, and sometimes media liability for user-generated content claims [1].
For simpler accounts—pure software, pure IT services, or companies with straightforward exposures—standard cyber-only policies may be sufficient. ACTM's value is in handling the cross-currents.
Preparing an Account for ACTM Submission
1. Lead with Public-Facing Hygiene
Accounts with weak internet-facing posture lose credibility fast. Before deep-diving into the application, get the outside-in layer clean:
- Domains: Check SPF, DKIM, DMARC records. They should all be fully implemented.
- Email security: Verify email authentication and the absence of obvious spoofing vectors.
- TLS/SSL posture: Check for valid certificates and absence of deprecated TLS versions.
- Exposed services: Scan for exposed RDP, databases, or admin panels that shouldn't be internet-facing.
- Certificates: Validate that sensitive services use current certificates without warnings.
Use BindLedger's free Cyber Risk Scan (/scan) to identify public-facing vulnerabilities before submission. This one step often catches issues that would otherwise trigger underwriting questions [3].
2. Decide the Exposure Path Upfront
AXIS publishes multiple supplementals: ransomware, small business, industry-specific. Don't wait until the main application is underway to identify which supplements apply.
- Is the account at high ransomware risk (critical infrastructure, healthcare, finance)? Assume the ransomware supplement will be required.
- Is the account a small business (under $5M revenue)? The small business application may be more efficient.
- Is the account a retailer, manufacturer, or utilities company? Identify industry supplements early.
This upfront assessment prevents resubmission delays and signals to the underwriter that your application is organized.
3. Organize Evidence Around MSP/Client Owners
The ACTM application is detailed enough that no single person can complete it from memory. Broker success depends on distributing evidence collection:
- MSP or internal security team: MFA configuration, EDR deployment, SIEM/SOC operations, email security, patch management, backup architecture, log retention
- IT/Operations owner: Network segmentation, firewall policies, disaster recovery plans, vendor dependencies, asset inventory, incident response readiness
- Finance/Legal owner: Vendor contracts, audit compliance (PCI, HIPAA, SOC 2), incident response retainers, biometric controls, social-engineering/funds-transfer safeguards
- Compliance/Privacy owner: Data governance, data classification, DLP controls, retention policies, breach notification procedures
The broker's job is coordinating these inputs into a cohesive application—not filling it out alone.
4. Use BindLedger's Carrier Decoder for Evidence Organization
Rather than scattered email chains and screenshots, structure technical evidence using BindLedger's Carrier Decoder (/tools/supplement-parser). This tool helps organize MFA matrices, EDR deployment details, backup architecture diagrams, and SOC/MSSP SLA documents into formats that underwriters parse quickly.
For brokers managing multiple ACTM submissions, this standardizes how evidence is collected and presented—saving time across your book and improving approval rates [3].
ACTM's Role in the AXIS Product Portfolio
ACTM is the heart of AXIS's mid-market cyber business. It sits between:
- Small business segment (under $50M revenue): Often placed through AXIS's Elpha Secure partnership, which bundles security monitoring with insurance [1]
- Large mid-market & enterprise ($2B+ revenue): AXIS Cyber Infrastructure (ACI), which requires significantly deeper underwriting and often field visits [1]
For brokers, this means ACTM is the workhorse. Most of your AXIS cyber placements will fall into this zone. Understanding ACTM's architecture, application requirements, and evidence expectations is the foundation for building a productive AXIS partnership.
Comparison to Other AXIS Products
ACTM vs. ACI (Cyber Infrastructure)
| Factor | ACTM | ACI |
|---|---|---|
| Revenue Limit | Up to $2B | $2B+ (enterprise) |
| Complexity | Mid-market standard | Enterprise-grade deep diligence |
| Application | Standard + supplementals | Custom with field underwriting |
| Limits | Up to $25M combined | Higher, customized |
| Ideal For | Modular cyber + liability needs | Large enterprises, complex exposures |
ACTM vs. Cyber Marine
AXIS Cyber Marine is a specialized product for maritime and shipping-industry cyber exposures. ACTM is broader and better-suited for technology, digital, and general mid-market risk [1].
ACTM vs. Small Business (Elpha Secure)
For accounts under $50M revenue that want active security monitoring bundled with insurance, AXIS's Elpha Secure partnership may be more efficient than ACTM. Elpha provides continuous endpoint monitoring and threat response, reducing security blind spots [1].
How ACTM Pricing & Terms Work
ACTM pricing is modular, meaning your client's premium reflects the specific coverage they select. A pure cyber-focused policy is less expensive than the same policy with added technology E&O and media liability.
Key pricing drivers:
- Revenue & industry: Larger, higher-risk industries pay more
- Claims history: Clean history = better rates
- Security posture: Strong MFA, EDR, backup, and SOC controls lower premium
- Limits selected: Higher limits = higher premium
- Deductible/retention: Larger retentions reduce premium
- Waiting periods: Longer waiting periods (especially on BI) reduce premium
AXIS is transparent about underwriting standards, which means you can often predict pricing feedback before formal submission. If a client has weak backup architecture or no centralized logging, expect underwriting pushback or premium impact.
The ACTM Application Workflow: A Broker Checklist
Here's a practical framework for moving an ACTM account through underwriting efficiently:
Phase 1: Pre-Submission Readiness
- Run BindLedger's Cyber Risk Scan to identify public-facing issues
- Verify domain/email authentication (SPF, DKIM, DMARC)
- Confirm product fit: ACTM vs. ACI vs. Elpha Secure
- Determine which supplementals apply (ransomware, industry, small business)
- Identify evidence owners (MSP, IT, finance, legal)
Phase 2: Evidence Collection
- MFA configuration matrix (VPN, RDP, cloud apps, email)
- EDR vendor name, deployment %, monitoring SLA
- SIEM/SOC details (vendor, log coverage, retention, review cadence, staffing)
- Backup architecture (immutability, segmentation, offline storage, restoration test frequency)
- Email security controls (DKIM, DMARC, SPF, ATP, Secure Score %)
- Firewall/segmentation policy (internal/external, least privilege, access review frequency)
- Patch management SLAs and compliance metrics
- Incident response plan, team, retainers, recent exercises
- Vendor inventory and risk assessment process
- DLP controls and monitoring
- Hardened configuration baseline across endpoints and servers
Phase 3: Application Submission
- Complete main application with accurate business profile and IT overview
- Attach supplementals (ransomware, industry, small business) if applicable
- Organize evidence packet using Carrier Decoder format
- Submit clean, comprehensive application with cross-referenced evidence
Phase 4: Underwriting
- AXIS may request clarifications or additional evidence
- Respond promptly with specifics (not vague reassurances)
- Escalate gaps to MSP/client for remediation if needed
- Negotiate quote terms and conditions
- Bind coverage
This workflow typically takes 2-4 weeks for clean submissions, longer for accounts needing remediation.
Frequently Asked Questions
Q1: Does ACTM automatically include Cyber Incident Commander?
A: Yes. The Cyber Incident Commander panel—AXIS's network of breach coaches, forensic investigators, notification vendors, and crisis communications specialists—is included with all AXIS cyber coverage (ACTM and ACI). This is one of AXIS's key differentiators and a valuable selling point to your clients [1].
Q2: Can we mix ACTM with other AXIS products?
A: Generally, no. ACTM is a standalone product. If a client needs both ACTM and a separate professional liability policy outside the modular structure, that requires a different underwriting conversation. For most mid-market accounts, ACTM's modularity handles the mix.
Q3: How does ACTM handle remote workforce coverage?
A: ACTM covers data breach and incident response globally if the policy is written worldwide (which is standard). However, AXIS expects strong MFA, EDR, and remote-access controls for remote-first organizations. The underwriting scrutiny is higher for distributed teams because attack surface is larger.
Q4: What's the renewal underwriting process for ACTM?
A: Renewal underwriting is simplified. AXIS uses the Renewal Application (lighter than the main application) if there have been no material changes. Claims history, security posture improvements/declines, and compliance changes all factor into renewal terms. Clean renewals are typically faster than new-business underwriting [1].
Q5: Can we add technology E&O to an existing cyber-only policy?
A: This depends on the existing policy and AXIS appetite. If the original policy was written with ACTM, adding E&O coverage is a modification. If it was written on a different product, it may require a new ACTM policy. Work with your AXIS broker representative on the cleanest approach.
Q6: What if our client can't meet the ransomware supplemental requirements?
A: AXIS will either decline, offer coverage with conditions (higher deductible, excluded coverage), or require the client to remediate specific controls. Common gaps: lack of 24/7 SOC, inadequate backup testing, or RDP exposed externally without MFA. The good news: these gaps are fixable. Work with the client on a remediation timeline and resubmit.
Key Takeaways for Brokers
ACTM is AXIS's most important product for your mid-market cyber book. It's not a generic cyber policy; it's a modular solution for clients whose risks cross multiple domains (cyber, technology E&O, media, crime, extortion).
To place ACTM effectively:
- Understand the exposure mix: Don't use ACTM for clients who just need cyber. Use it when cyber + adjacent liabilities matter.
- Prepare early: Start evidence collection 4-6 weeks before submission. Use the public application library to set expectations.
- Organize evidence strategically: Distribute collection to MSP, IT, finance, and legal. Don't force the broker to be the security expert.
- Leverage BindLedger tools: Use the Cyber Risk Scan to identify public-facing gaps and Carrier Decoder to organize technical evidence.
- Be specific, not vague: AXIS reviewers read dozens of applications weekly. Detailed, evidence-backed answers build confidence and accelerate underwriting.
For more on AXIS underwriting standards across all products, see our complete guide:
For related carrier guides:
- How to Answer the Beazley Cyber Insurance Application
- How to Answer the Tokio Marine HCC Cyber Insurance Application
Call-to-Action
Ready to place an ACTM account? Start with a free scan to identify public-facing security gaps before submission:
Then use our Carrier Decoder to organize technical evidence from your MSP and client into a submission packet AXIS reviewers can parse quickly: