Case Study: Finance

When cybersecurity and cyber insurance work in tandem, 20% security effort can deliver 20X risk transfer

Introduction:

A company in the finance industry came to Resilience with the goal of adopting our holistic approach to cyber risk and utilizing targeted security controls to qualify for better coverage. The company was small, with a small IT staff who only dedicated approximately 20% of their time to cyber security. They had minimal security tools and controls, which led to high sub-limits and meager ransomware coverage.

Problem:

To remain within our tolerance, Resilience was only able to offer the client $250k in ransomware coverage initially. They purchased our Edge solution to unify their technical and financial needs. Resilience’s expert security team worked in tandem with our insurance and cyber risk quantification teams to construct an actionable cyber hygiene plan to help the client qualify for better coverage.

Solution:

Resilience designed a cyber hygiene plan which engaged advanced security controls, quantified their risk, and prioritized the risks that mattered most to their organization. Our security team built a relationship with their IT staff and security team, educating them on managing their unique and complex cyber risk and helping them implement best security practices enterprise-wide. Throughout the length of their policy, we held meetings with the client to ensure the new implementations would satisfy underwriter requirements to eliminate their sub-limits and provide higher ransomware coverage at renewal.

Results:

As a result of our human-in-the-loop partnership with our experts and following our tailored cyber hygiene plan, the client received $5M in ransomware coverage at renewal due to their improved security controls. That is 20X the ransomware coverage after one renewal term. The client continued to improve their cyber hygiene through advanced cybersecurity assessment and quarterly engagements and renewed this engagement at the end of their policy. Rather than acting as an insurance provider or security vendor, we’ve built a long-term partnership and become advisors on this client’s path to cyber resilience.