Threatonomics

Building a Budget and Network for Resilience

The Cyber Advocacy Program

by Amanda Bevilacqua , US Claims Operations Leader
Published

Cyber risk is no longer just an IT challenge.

It has become a complex business problem that requires the collective effort of experts across cyber security, insurance, and financial and executive leadership. In 2023, cybercrime cost $8 trillion globally. Only two years from now, that number is expected to rise to $10.5 trillion in global losses by 2025 (Cybersecurity Ventures 2022). These figures mean now more than ever, cyber risk needs to be managed as a business challenge.

Resilience’s cyber risk management solution empowers security leaders to communicate risk transfer and mitigation objectives to financial leadership effectively. Enhanced data visibility and a network of external experts provided through our Cyber Advocacy program offer the expertise that CISOs, IT teams, and other cyber security leadership need to advocate for their budget and strategy. The program provides access to cyber risk budget training, an Incident Lifecycle Management plan with a pre-vetted client advisory panel, loss control, and governance guidance for third-party risk, and more.

Financial Advocacy and Cyber Risk Budget Training

Resilience was founded by security experts who understand the need for executive-level buy-in. Our Cyber Risk Budget training is designed to help our clients quantify the likelihood of loss exceeding a certain threshold and calculate the return on investment (ROI) of their controls. “The budget training program is designed to communicate what executive and board level stakeholders need to know about cyber risk,” said Amanda Bevilacqua, US Claims Operations Leader. “They don’t necessarily need to know about implementing a specific control or process. They simply need to understand how that control or process translates into a better cyber security risk posture and its forecasted ROI.”

Before our clients share strategies with their stakeholders, our experts engage in virtual tabletop exercises to clarify the specific ROI of certain tools, communicating their necessity in terms of dollars and cents. Advanced AI risk modeling, loss exceedance curves, and a comprehensive overview of the organization’s cyber risk profile help our security clients present this information to their stakeholders in a way that will be more impactful. This overview translates the technical challenges of cyber risk into financially quantified solutions that will allow their organization to continue to deliver value should they experience an incident.

Incident Lifecycle Management

Traditional solutions provide templates and status-quo guidance for incident lifecycle management. Resilience’s process is tailored to our client’s unique risk and entails creating a comprehensive Incident Response Plan (IRP) that details the steps required to resolve an event. The IRP covers notification, data backup restoration, legal and regulatory requirements, tips to preserve your organization’s reputation, and any other items needed to recover your unique environment. When the IRP is complete, it is tested thoroughly to identify any security gaps and promptly remediate them.

Part of our Incident Lifecycle Management program is offering our clients access to our network of pre-vetted external experts. This client advisory panel includes incident response partners and resources, such as privacy attorneys, computer forensic investigators, and much more. “This network helps us manage even the most complex situations,” said Bevilacqua. “If our in-house team can’t handle something, we have an external expert in the loop who can.”

Third-Party Risk Governance

Through access to security data and visibility into our client’s risk profile, our solution offers an extensive third-party risk governance program. This entails comprehensive State-of-your-Risk reports for up to 15 pivotal vendors, in-depth questionnaires to understand your vendor’s cyber risk profiles, and instruction to help align your vendor network with your organization’s security standards.

The impact of vendor breaches can be expansive, unpredictable, and difficult to recover from. After the MOVEit breaches in Q2 2023, third-party vendor risk has become Resilience’s number one point of failure– replacing phishing for the first time in our claim’s history. It is more important now than ever to take the steps necessary to protect your environment from your vendor’s risk, as these incidents will only grow more popular post-MOVEit’s success.

The Cyber Advocacy program is designed to give security and risk management all of the information to advocate for the tools they need to meet strategic business objectives. It works to accelerate stakeholder buy-in at all levels by offering data, analysis, and the financial threshold required to build a strong cyber infrastructure. “The Cyber Advocacy program offers our clients a responsive network ready to mobilize and capable of managing any incident,” said Bevilacqua. “This partnership approach is a key component of helping our clients remain cyber resilient in the face of growing threats.”

You might also like

Five Predictions on the State of Cyber Claims in 2024

Unravel the complexities of cyber risk with the 2023 Mid-Year Claims Report by Resilience. Dive into our analysis and predictions for the cyber insurance industry in 2024, including the pivotal role of AI and regulatory changes.

Knowing Your Risk Surface: A Risk-Focused Approach to Incident Response

After decades of more damaging and less predictable cyber attacks, modern cybersecurity practitioners have recognized the critical need to incorporate more risk-based approaches to their planning efforts. However, despite the continuing advances within the cybersecurity field, analytics firms are noting record years for cybercriminals and breaches against some of the most well-defended organizations in the […]

Top Three Trends on Cyber Resilience from The World Economic Forum

With generative AI dominating the conversation at the World Economic Forum’s annual meeting in Davos this year – a massive 32 sessions in total – it’s easy to overlook another topic that was the focus of WEF’s 2024 Global Cybersecurity Outlook: Cyber Resilience.  The term has taken on a new importance in 2024 as enterprise […]

Do you Need Human Brains to make AI Useful in Cybersecurity?

As the world advances with data processing and artificial intelligence (AI) capabilities at a mind-boggling pace, we might feel as if humans are becoming obsolete. This is certainly the question of an endless series of articles that have clogged our inboxes since the release of ChatGPT publicly in late 2022. Maybe this development is a […]

Mastering Cyber Resilience

Cyber Resilience 101, 202, and accompanying Cyber Resilience Workshops are designed to teach brokers the fundamentals of proactive cyber risk management

Best of Threatonomics Year-End Review

As 2023 comes to an end, we are looking back on our top five most popular blog posts that helped shape our understanding of what it means to be cyber-resilient. 1. Moneyballing Cyber Resilience  Chief Cyber Resilience Officer Richard Seiersen wrote “Moneyballing Cyber Resilience” as a follow-up to  his first webinar, “Superforecasting.” The book, Moneyball, […]