Threatonomics

Building a Budget and Network for Resilience

The Cyber Advocacy Program

by Amanda Bevilacqua , US Claims Operations Leader
Published

Cyber risk is no longer just an IT challenge.

It has become a complex business problem that requires the collective effort of experts across cyber security, insurance, and financial and executive leadership. In 2023, cybercrime cost $8 trillion globally. Only two years from now, that number is expected to rise to $10.5 trillion in global losses by 2025 (Cybersecurity Ventures 2022). These figures mean now more than ever, cyber risk needs to be managed as a business challenge.

Resilience’s cyber risk management solution empowers security leaders to communicate risk transfer and mitigation objectives to financial leadership effectively. Enhanced data visibility and a network of external experts provided through our Cyber Advocacy program offer the expertise that CISOs, IT teams, and other cyber security leadership need to advocate for their budget and strategy. The program provides access to cyber risk budget training, an Incident Lifecycle Management plan with a pre-vetted client advisory panel, loss control, and governance guidance for third-party risk, and more.

Financial consultant calculating cybersecurity incident response plan budgets

Financial Advocacy and Cyber Risk Budget Training

Resilience was founded by security experts who understand the need for executive-level buy-in. Our Cyber Risk Budget training is designed to help our clients quantify the likelihood of loss exceeding a certain threshold and calculate the return on investment (ROI) of their controls.

The budget training program is designed to communicate what executive and board level stakeholders need to know about cyber risk,” said Amanda Bevilacqua, US Claims Operations Leader. They don’t necessarily need to know about implementing a specific control or process. They simply need to understand how that control or process translates into a better cyber security risk posture and its forecasted ROI.

Amanda Bevilacqua, US Claims Operations Leader

Before our clients share strategies with their stakeholders, our experts engage in virtual tabletop exercises to clarify the specific ROI of certain tools, communicating their necessity in terms of dollars and cents. Advanced AI risk modeling, loss exceedance curves, and a comprehensive overview of the organization’s cyber risk profile help our security clients present this information to their stakeholders in a way that will be more impactful. This overview translates the technical challenges of cyber risk into financially quantified solutions that will allow their organization to continue to deliver value should they experience an incident.

Cyber Security Incident Lifecycle Management

Traditional solutions provide templates and status-quo guidance for incident lifecycle management. Resilience’s process is tailored to our client’s unique risk and entails creating a comprehensive Cybersecurity Incident Response Plan (IRP) that details the steps required to resolve an event. The IRP covers notification, data backup restoration, legal and regulatory requirements, tips to preserve your organization’s reputation, and any other items needed to recover your unique environment. When the IRP is complete, it is tested thoroughly to identify any security gaps and promptly remediate them.

Part of our Incident Lifecycle Management program is offering our clients access to our network of pre-vetted external experts. This client advisory panel includes cybersecurity incident response partners and resources like privacy attorneys, computer forensic investigators, and more.

“This network helps us manage even the most complex situations,” said Bevilacqua. “If our in-house team can’t handle something, we have an external expert in the loop who can.”

Third-Party Risk Governance

Through access to security data and visibility into our clients’ risk profiles, our solution offers an extensive third-party risk governance program. This entails comprehensive State-of-your-Risk reports for up to 15 pivotal vendors, in-depth questionnaires to understand your vendor’s cyber risk profiles, and instruction to help align your vendor network with your organization’s security standards.

The impact of vendor breaches can be expansive, unpredictable, and difficult to recover from. After the MOVEit breaches in Q2 2023, third-party vendor risk has become Resilience’s number one point of failure – replacing phishing for the first time in our claim’s history. It is more important now than ever to take the steps necessary to protect your environment from your vendor’s risk, as these incidents will only grow more popular post-MOVEit’s success.

The Cyber Advocacy program is designed to give security and risk management all of the information they need to advocate for the tools they need to meet strategic business objectives. It works to accelerate stakeholder buy-in at all levels by offering data, analysis, and the financial threshold required to build a strong cyberinfrastructure.

“The Cyber Advocacy program offers our clients a responsive network ready to mobilize and capable of managing any incident,” said Bevilacqua. “This partnership approach is a key component of helping our clients remain cyber resilient in the face of growing threats.”

Ready for the first step to cyber resilience? Request a demo.

You might also like

Breaking Lemonade: Understanding Value at Risk

I talk a lot about value-at-risk among my colleagues, with our customers, and the broader market. Value-at-risk may be the single most important measure to grasp, without which one cannot accurately measure risk transfer, excess risk, risk acceptance, and return on controls. Yet, these are all important concepts that leadership in modern organizations need to […]

Would you fall for a live deepfake?

The Office of Senate Security revealed last week that the head of the Senate Foreign Relations Committee was targeted in a deep fake video call. An unknown person, claiming to be the former Ukrainian Minister of Foreign Affairs, Dmytro Kuleba, lured the Senator onto a Zoom call. The attack was thwarted when the Senator and […]

Artificial Intelligence for Cyber Resilience

AI tools are shifting the calculus for cyber defense by enhancing key areas such as vulnerability mapping, breach detection, incident response, and penetration testing. This integration could help an organization bolster its cyber resilience against an ever-evolving threat landscape. AI tools could automate the discovery and monitoring of vulnerabilities, providing real-time updates of an organization’s […]

cyber resilience framework

AI and Misuse

Welcome to part two in our series on AI and cyber risk. Be sure to read the first installment “What you need to know: Artificial Intelligence at the Heart of Cyber,” here. Key takeaways Background In February 2024, OpenAI – in collaboration with Microsoft— tracked adversaries from Russia, North Korea, Iran, and China, leveraging their […]

cyber resilience framework

Cybersecurity Incidents & Trends in Canada

Executive Summary Emerging cyber threats increasingly target Canadian organizations, government agencies, and individuals, with recent attacks revealing sophisticated tactics by threat actors. Threat actors delivered the Formbook infostealer to companies via emails that posed as job candidates. Meanwhile, the Chameleon Trojan attacked Canadian financial institutions and a restaurant chain by masquerading as legitimate apps. Cybercriminals […]

Digital Risk: Enterprises Need More Than Cyber Insurance

What you need to know: Artificial Intelligence at the Heart of Cyber

As AI technologies become more embedded in cyber strategies, they enhance the capabilities of threat actors while also offering innovative defenses to organizations [1]. AI tools can amplify adversaries’ traditional Techniques, Tools, and Procedures (TTPs) by automating the generation of sophisticated threats such as polymorphic malware — which can dynamically alter its code to evade […]