Case Study: Technology

Past failure is not an indicator of future risk

Context:

A company in the tech and security industry experienced a data breach. They were in the business of protecting people’s homes, and their systems were compromised. After the incident, they could not find reasonable insurance coverage while shopping in the open market. Traditional insurance organizations needed to understand their risk profile. They did not have the visibility or in-house security team to validate their state of risk and assumed this company would have a high-risk security profile due to their history.

Problem:

Insurance offers were coming in for ⅓ of their original coverage, at 3X the price. Resilience recognized this was unreasonable and offered the company a reasonable insurance policy in exchange for internal visibility and associated services. Our security experts got to work reviewing the security posture of the client and were able to determine that they were actually a good risk. The problem was proving this company had a strong security posture, to make them eligible for better insurance coverage.

Solution:

We worked with this client with the goal of bringing them to a low-risk market status by helping them execute a cybersecurity roadmap after the incident. They had already made security improvements after the breach, yet we needed increased engagement levels and internal visibility to give us the confidence to stand behind their low-risk status. We then partnered with their CISO to help financially quantify their risk and identify the right financial incentives to build their organization’s cyber resilience.

Results:

Our security team was ultimately able to improve the security areas, which would positively impact the company’s insurance coverage. We proved to our underwriting team that this company had a stable risk profile, and helped them qualify for insurance coverage far below the price point offered by other providers. This company helped us prove that past failure is not an indicator of future risk. They maintain these practices and uphold strong cyber-resilience today.