Digital Risk: Enterprises Need More Than Cyber Insurance

Best of Threatonomics Year-End Review

The Top Five Blogs of the Year

by Laura Hiserodt , Staff Writer

As 2023 comes to an end, we are looking back on our top five most popular blog posts that helped shape our understanding of what it means to be cyber-resilient.

1. Moneyballing Cyber Resilience 

Chief Cyber Resilience Officer Richard Seiersen wrote “Moneyballing Cyber Resilience” as a follow-up to  his first webinar, “Superforecasting.” The book, Moneyball, is about how finding the right object and method of measurement can help create an advantage over the competition, a connection Seiersen draws between that and finding the right object and measurement measurement method for effective cyber risk management. and cyber risk forecasting.

Finding the right object and method of measurement is a major facet of building a Cyber Resilience strategy. Identifying these objects is necessary to help align cybersecurity, risk management, and business leadership on the same objectives. Once they have a shared objective, they can make decisions together to share with the board – or, as Seiersen calls them, the “money people.” Communicating with the money people requires speaking a language they understand, and that means translating cyber risk into dollars and cents. 

If you want to go deep on how to “Moneyball” your cyber risk, you can also watch the first installment of Rich’s webinar series, “How to Build a Defensible Cybersecurity Budget.” 

2. The Rise of the Cyber Resilient Leader 

Before his elevation to Chief Cyber Resilience Officer (CCRO), the first in the industry, Rich Seiersen wrote “The Rise of the Cyber Resilient Leader,” outlining why this new role is important in helping organizations better manage their cyber risk. This piece established the backbone of the Chief Cyber Resilience Officer mindset and the responsibilities that the role entails, working as a comprehensive guide for cybersecurity professionals who hope to take on these responsibilities. 

“Risk leaders must make trade-offs. They must respond responsibly to economic headwinds. And they must react to the myriad threats created by digital transformation,” said Seiersen. “A cyber resilient leader makes those tradeoffs without exacerbating loss nor incurring moral hazard. They operate from a set of principles that emphasize building economically efficient strategies. “

If you want to read more about the new role of the CCRO, you can read our newest blog on this role.

3. The Resilience Mid-Year 2023 Claims Report 

Resilience’s mid-year 2023 claims report made considerable contributions to our understanding of the current risk landscape and how we believe it would continue to evolve throughout the end of 2023. The report was built on five key findings made from both Resilience’s internal data and data from ransomware incident response partner Coveware, blockchain analytics firm Chainanalysis, security partner Zscaler, and security firm Sophos

Our findings showed us that ransomware is evolving as organizations become more resilient against making extortion payments. This has led threat actors to shift in two ways: going after larger organizations that have deeper pockets in hopes that they will be more inclined to make a payment and shifting to large-scale third-party breaches to hit more organizations at once. This shift has led third-party risk to become Resilience’s top cause-of-loss AND point-of-failure.

“This shift in Resilience claims data demonstrates how suddenly the threat landscape evolves as criminal actors create their own criminal market forces, sometimes including regulating their affiliates. These forces directly affect the insurance market, as clients feel the impact through incidents, and insurers see the correlating rise in claims.” 

To learn more about Resilience’s internal findings and how we’ve helped our clients build cyber resilience, check out our 2022 Claims Report.  

4. Why Enterprises Need More Than Insurance 

Though incredibly important to the entire cyber risk management process, insurance alone is not enough to build Cyber Resilience. Insurance is designed to transfer risk, not mitigate it or help you understand your tolerance to risk, which is why finding the right balance between risk acceptance, security controls, and risk transfer, is necessary to protect your environment. 

“In a cyber risk climate where adversary tactics are constantly shifting, Resilience’s holistic approach to risk management has helped us achieve loss ratios that are less than 1/3rd of the industry average in 2022 and has had dramatic results in keeping clients resilient to ransomware.” 

For more about our approach to managing cyber risk by evolving cyber insurance to cyber resilience, check out our website and sign up for a demo.

5. Threatonomics Newsletter

Month after month, one of Resilience’s most popular featured items on LinkedIn is our monthly newsletter. This installment offers concise summaries of the blogs, industry-focused threat intel, details on ongoing threat campaigns, and “in case you missed it” news features from the month. The Resilience newsletter is a one-stop shop for all of our most recent findings, most relevant news, and any need-to-know information on managing cyber risk. 

Published towards the end of each month, the Resilience newsletter helps our clients stay informed and up-to-date on the latest news and trends in cyber risk. To sign up for our newsletter, follow Resilience on LinkedIn

As we end the year, we hope this wrap-up inspires you to reflect on the cyber landscape of 2023 and consider how past learnings can build future cyber resilience efforts. Learn more about what trends we expect to see in the new year by reading our piece, “10 Predictions for Cyber Risk in 2024.” 

You might also like

third-party cyber risk management

New Frontier: Cyber Risk Mitigation with Superforecasting

You’re a CISO, bombarded from all sides. New vulnerabilities emerge daily, vendors tout countless security solutions, and your inbox overflows with security alerts. Your skilled analysts are stretched thin, struggling to keep pace with the ever-evolving threat landscape. How do you make sense of it all? How do you prioritize investments, allocate resources, and make […]

third-party cyber risk management

Cybersecurity Essentials: The Role of Vulnerability Management in Building Cyber Resilient IT Systems

Navigating the complexities of cybersecurity requires a strategic approach to mitigate risks and safeguard IT systems. Central to this approach is vulnerability management, a systematic process that identifies, assesses, and prioritizes vulnerabilities within organizations’ infrastructure. Understanding what vulnerability management entails and how it contributes to preemptive cyber defense is critical.  According to a recent report […]

third-party cyber risk management

Mastering Cybersecurity Risk Metrics: A New Way to Think About Cyber Risk

Digital threats are not just possibilities but inevitabilities; understanding and calculating cyber risk is more than a precaution – it’s a necessity. Understanding cybersecurity metrics is essential to safeguarding and improving business operations. Calculating cyber risks simplifies complex issues and empowers professionals to communicate them clearly to improve their organization’s digital security. This requires a […]

third-party cyber risk management

Evolving Cybersecurity: From Risk Management to Cyber Resilience

With an astonishing 95% of cybersecurity breaches attributed to human error, organizations must educate, train, and implement a security foundation for all employees. This staggering statistic highlights the vulnerability of humans within digital infrastructures and underscores the importance of building a security-forward mindset into the culture of resilient businesses.   As cyber threats continue to lead […]

third-party cyber risk management

Counting the Cost: Understanding the Financial Risk of Cybersecurity Breaches

Cybersecurity breaches stand as a relentless challenge for organizations worldwide, causing substantial financial repercussions. As cyber threats advance in complexity, the economic impact on businesses intensifies, affecting everything from upfront costs to sustained financial health.  A thorough investigation into the financial risks posed by cybersecurity breaches reveals the breadth of direct and indirect expenses that […]

third-party cyber risk management

Rewriting the Rules of Cyber Security Risks: Part II

Building Cyber Resilience requires a new approach to assessing, measuring, and managing risk. Traditional thinking from both the security and insurance sectors views risk management in binary silos that either stop an attack or fail to prevent loss. However, the truth is that cyber security risk is significantly more complex. Being resilient to cyber security […]