Stabilize Global Cyber Risk
Threatonomics

Best of Threatonomics Year-End Review

The Top Five Blogs of the Year

by Laura Hiserodt , Staff Writer
Published

As 2023 comes to an end, we are looking back on our top five most popular blog posts that helped shape our understanding of what it means to be cyber-resilient.

1. Moneyballing Cyber Resilience 

Chief Cyber Resilience Officer Richard Seiersen wrote “Moneyballing Cyber Resilience” as a follow-up to  his first webinar, “Superforecasting.” The book, Moneyball, is about how finding the right object and method of measurement can help create an advantage over the competition, a connection Seiersen draws between that and finding the right object and measurement measurement method for effective cyber risk management. and cyber risk forecasting.

Finding the right object and method of measurement is a major facet of building a Cyber Resilience strategy. Identifying these objects is necessary to help align cybersecurity, risk management, and business leadership on the same objectives. Once they have a shared objective, they can make decisions together to share with the board – or, as Seiersen calls them, the “money people.” Communicating with the money people requires speaking a language they understand, and that means translating cyber risk into dollars and cents. 

If you want to go deep on how to “Moneyball” your cyber risk, you can also watch the first installment of Rich’s webinar series, “How to Build a Defensible Cybersecurity Budget.” 

2. The Rise of the Cyber Resilient Leader 

Before his elevation to Chief Cyber Resilience Officer (CCRO), the first in the industry, Rich Seiersen wrote “The Rise of the Cyber Resilient Leader,” outlining why this new role is important in helping organizations better manage their cyber risk. This piece established the backbone of the Chief Cyber Resilience Officer mindset and the responsibilities that the role entails, working as a comprehensive guide for cybersecurity professionals who hope to take on these responsibilities. 

“Risk leaders must make trade-offs. They must respond responsibly to economic headwinds. And they must react to the myriad threats created by digital transformation,” said Seiersen. “A cyber resilient leader makes those tradeoffs without exacerbating loss nor incurring moral hazard. They operate from a set of principles that emphasize building economically efficient strategies. “

If you want to read more about the new role of the CCRO, you can read our newest blog on this role.

3. The Resilience Mid-Year 2023 Claims Report 

Resilience’s mid-year 2023 claims report made considerable contributions to our understanding of the current risk landscape and how we believe it would continue to evolve throughout the end of 2023. The report was built on five key findings made from both Resilience’s internal data and data from ransomware incident response partner Coveware, blockchain analytics firm Chainanalysis, security partner Zscaler, and security firm Sophos

Our findings showed us that ransomware is evolving as organizations become more resilient against making extortion payments. This has led threat actors to shift in two ways: going after larger organizations that have deeper pockets in hopes that they will be more inclined to make a payment and shifting to large-scale third-party breaches to hit more organizations at once. This shift has led third-party risk to become Resilience’s top cause-of-loss AND point-of-failure.

“This shift in Resilience claims data demonstrates how suddenly the threat landscape evolves as criminal actors create their own criminal market forces, sometimes including regulating their affiliates. These forces directly affect the insurance market, as clients feel the impact through incidents, and insurers see the correlating rise in claims.” 

To learn more about Resilience’s internal findings and how we’ve helped our clients build cyber resilience, check out our 2022 Claims Report.  

4. Why Enterprises Need More Than Insurance 

Though incredibly important to the entire cyber risk management process, insurance alone is not enough to build Cyber Resilience. Insurance is designed to transfer risk, not mitigate it or help you understand your tolerance to risk, which is why finding the right balance between risk acceptance, security controls, and risk transfer, is necessary to protect your environment. 

“In a cyber risk climate where adversary tactics are constantly shifting, Resilience’s holistic approach to risk management has helped us achieve loss ratios that are less than 1/3rd of the industry average in 2022 and has had dramatic results in keeping clients resilient to ransomware.” 

For more about our approach to managing cyber risk by evolving cyber insurance to cyber resilience, check out our website and sign up for a demo.

5. Threatonomics Newsletter

Month after month, one of Resilience’s most popular featured items on LinkedIn is our monthly newsletter. This installment offers concise summaries of the blogs, industry-focused threat intel, details on ongoing threat campaigns, and “in case you missed it” news features from the month. The Resilience newsletter is a one-stop shop for all of our most recent findings, most relevant news, and any need-to-know information on managing cyber risk. 

Published towards the end of each month, the Resilience newsletter helps our clients stay informed and up-to-date on the latest news and trends in cyber risk. To sign up for our newsletter, follow Resilience on LinkedIn

As we end the year, we hope this wrap-up inspires you to reflect on the cyber landscape of 2023 and consider how past learnings can build future cyber resilience efforts. Learn more about what trends we expect to see in the new year by reading our piece, “10 Predictions for Cyber Risk in 2024.” 

You might also like

Five Predictions on the State of Cyber Claims in 2024

Unravel the complexities of cyber risk with the 2023 Mid-Year Claims Report by Resilience. Dive into our analysis and predictions for the cyber insurance industry in 2024, including the pivotal role of AI and regulatory changes.

Knowing Your Risk Surface: A Risk-Focused Approach to Incident Response

After decades of more damaging and less predictable cyber attacks, modern cybersecurity practitioners have recognized the critical need to incorporate more risk-based approaches to their planning efforts. However, despite the continuing advances within the cybersecurity field, analytics firms are noting record years for cybercriminals and breaches against some of the most well-defended organizations in the […]

Top Three Trends on Cyber Resilience from The World Economic Forum

With generative AI dominating the conversation at the World Economic Forum’s annual meeting in Davos this year – a massive 32 sessions in total – it’s easy to overlook another topic that was the focus of WEF’s 2024 Global Cybersecurity Outlook: Cyber Resilience.  The term has taken on a new importance in 2024 as enterprise […]

Do you Need Human Brains to make AI Useful in Cybersecurity?

As the world advances with data processing and artificial intelligence (AI) capabilities at a mind-boggling pace, we might feel as if humans are becoming obsolete. This is certainly the question of an endless series of articles that have clogged our inboxes since the release of ChatGPT publicly in late 2022. Maybe this development is a […]

Mastering Cyber Resilience

Cyber Resilience 101, 202, and accompanying Cyber Resilience Workshops are designed to teach brokers the fundamentals of proactive cyber risk management

Top Ten Cyber Risk Predictions for 2024

As we move into the next year, it is likely that the cyber landscape will evolve in ways we never saw coming. However, given the data from key trends in 2023 and our expert knowledge in tracking and translating cyber risk into actionable insight, caution around these ten predictions will be beneficial in the new year.