As 2023 comes to an end, we are looking back on our top five most popular blog posts that helped shape our understanding of what it means to be cyber-resilient.
1. Moneyballing Cyber Resilience
Chief Cyber Resilience Officer Richard Seiersen wrote “Moneyballing Cyber Resilience” as a follow-up to his first webinar, “Superforecasting.” The book Moneyball is about how finding the right object and method of measurement can help create an advantage over the competition; Seiersen draws a connection between that and finding the right object and measurement method for effective cyber risk management and cyber risk forecasting.
Finding the right object and method of measurement is a major facet of building a Cyber Resilience strategy. Identifying these objects is necessary to help align cybersecurity, risk management, and business leadership on the same objectives. Once they have a shared objective, they can make decisions together to share with the board – or, as Seiersen calls them, the “money people.” Communicating with the money people requires speaking a language they understand, and that means translating cyber risk into dollars and cents.
If you want to go deep on how to “Moneyball” your cyber risk, you can also watch the first installment of Rich’s webinar series, “How to Build a Defensible Cybersecurity Budget.”
2. The Rise of the Cyber Resilient Leader
Before his elevation to Chief Cyber Resilience Officer (CCRO), the first in the industry, Rich Seiersen wrote “The Rise of the Cyber Resilient Leader,” outlining why this new role is important in helping organizations better manage their cyber risk. This piece established the backbone of the Chief Cyber Resilience Officer mindset and the responsibilities that the role entails, working as a comprehensive guide for cybersecurity professionals who hope to take on these responsibilities.
“Risk leaders must make trade-offs. They must respond responsibly to economic headwinds. And they must react to the myriad threats created by digital transformation,” said Seiersen. “A cyber resilient leader makes those tradeoffs without exacerbating loss nor incurring moral hazard. They operate from a set of principles that emphasize building economically efficient strategies.”
If you want to read more about the new role of the CCRO, you can read our newest blog on this role.
3. The Resilience Mid-Year 2023 Claims Report
Resilience’s mid-year 2023 claims report made considerable contributions to our understanding of the current risk landscape and how we believe it would continue to evolve throughout the end of 2023. The report was built on five key findings made from both Resilience’s internal data and data from ransomware incident response partner Coveware, blockchain analytics firm Chainalysis, security partner Zscaler, and security firm Sophos.
Our findings showed us that ransomware is evolving as organizations become more resilient against making extortion payments. This has led threat actors to shift in two ways: going after larger organizations that have deeper pockets in hopes that they will be more inclined to make a payment and shifting to large-scale third-party breaches to hit more organizations at once. This shift has led third-party risk to become Resilience’s top cause-of-loss AND point-of-failure.
“This shift in Resilience claims data demonstrates how suddenly the threat landscape evolves as criminal actors create their own criminal market forces, sometimes including regulating their affiliates. These forces directly affect the insurance market, as clients feel the impact through incidents, and insurers see the correlating rise in claims.”
To learn more about Resilience’s internal findings and how we’ve helped our clients build cyber resilience, check out our 2022 Claims Report.
4. Why Enterprises Need More Than Insurance
Though incredibly important to the entire cyber risk management process, insurance alone is not enough to build Cyber Resilience. Insurance is designed to transfer risk, not mitigate it or help you understand your tolerance to risk, which is why finding the right balance between risk acceptance, security controls, and risk transfer is necessary to protect your environment.
“In a cyber risk climate where adversary tactics are constantly shifting, Resilience’s holistic approach to risk management has helped us achieve loss ratios that are less than 1/3rd of the industry average in 2022 and has had dramatic results in keeping clients resilient to ransomware.”
For more about our approach to managing cyber risk by evolving cyber insurance to cyber resilience, check out our website and sign up for a demo.
5. Threatonomics Newsletter
Month after month, one of Resilience’s most popular featured items on LinkedIn is our monthly newsletter. This installment offers concise summaries of the blogs, industry-focused threat intel, details on ongoing threat campaigns, and “in case you missed it” news features from the month. The Resilience newsletter is a one-stop shop for all of our most recent findings, most relevant news, and any need-to-know information on managing cyber risk.
Published towards the end of each month, the Resilience newsletter helps our clients stay informed and up-to-date on the latest news and trends in cyber risk. To sign up for our newsletter, follow Resilience on LinkedIn.
As we end the year, we hope this wrap-up inspires you to reflect on the cyber landscape of 2023 and consider how past learnings can build future cyber resilience efforts. Learn more about what trends we expect to see in the new year by reading our piece, “10 Predictions for Cyber Risk in 2024.”