Threatonomics

Building a Budget and Network for Resilience

The Cyber Advocacy Program

by Amanda Bevilacqua, US Claims Operations Leader
Cyber risk is no longer just an IT challenge.

It has become a complex business problem that requires the collective effort of experts across cyber security, insurance, and financial and executive leadership. In 2023, cybercrime cost $8 trillion globally. That number is expected to rise to $10.5 trillion in global losses by 2025 (Cybersecurity Ventures 2022). These figures mean that, now more than ever, cyber risk needs to be managed as a business challenge.

Resilience’s cyber risk management solution empowers security leaders to communicate risk transfer and mitigation objectives to financial leadership effectively. Enhanced data visibility and a network of external experts provided through our Cyber Advocacy program offer the expertise that CISOs, IT teams, and other cyber security leadership need to advocate for their budget and strategy. The program provides access to cyber risk budget training, an Incident Lifecycle Management plan with a pre-vetted client advisory panel, loss control and governance guidance for third-party risk, and more.

Financial Advocacy and Cyber Risk Budget Training

Resilience was founded by security experts who understand the need for executive-level buy-in. Our Cyber Risk Budget training is designed to help our clients quantify the likelihood of loss exceeding a certain threshold and calculate the return on investment (ROI) of their controls.

“The budget training program is designed to communicate what executive and board level stakeholders need to know about cyber risk,” said Amanda Bevilacqua, US Claims Operations Leader. “They don’t necessarily need to know about implementing a specific control or process. They simply need to understand how that control or process translates into a better cyber security risk posture and its forecasted ROI.”

Before our clients share strategies with their stakeholders, our experts engage in virtual tabletop exercises to clarify the specific ROI of certain tools, communicating their necessity in terms of dollars and cents. Advanced AI risk modeling, loss exceedance curves, and a comprehensive overview of the organization’s cyber risk profile help our security clients present this information to their stakeholders in a way that will be more impactful. This overview translates the technical challenges of cyber risk into financially quantified solutions that will allow their organization to continue to deliver value should they experience an incident.

Cyber Security Incident Lifecycle Management

Traditional solutions provide templates and status-quo guidance for incident lifecycle management. Resilience’s process is tailored to our client’s unique risk and entails creating a comprehensive Cybersecurity Incident Response Plan (IRP) that details the steps required to resolve an event. The IRP covers notification, data backup restoration, legal and regulatory requirements, tips to preserve your organization’s reputation, and any other items needed to recover your unique environment. When the IRP is complete, it is tested thoroughly to identify any security gaps and promptly remediate them.

Part of our Incident Lifecycle Management program is offering our clients access to our network of pre-vetted external experts. This client advisory panel includes cybersecurity incident response partners and resources like privacy attorneys, computer forensic investigators, and more.

“This network helps us manage even the most complex situations,” said Bevilacqua. “If our in-house team can’t handle something, we have an external expert in the loop who can.”

Third-Party Risk Governance

Through access to security data and visibility into our clients’ risk profiles, our solution offers an extensive third-party risk governance program. This entails comprehensive State-of-your-Risk reports for up to 15 pivotal vendors, in-depth questionnaires to understand your vendors’ cyber risk profiles, and instruction to help align your vendor network with your organization’s security standards.

The impact of vendor breaches can be expansive, unpredictable, and difficult to recover from. After the MOVEit breaches in Q2 2023, third-party vendor risk has become Resilience’s number one point of failure, replacing phishing for the first time in our claims history. It is more important now than ever to take the steps necessary to protect your environment from your vendors’ risk, as these incidents will only become more common following the success of the MOVEit attacks.

The Cyber Advocacy program is designed to give security and risk management teams the information they need to advocate for the tools required to meet strategic business objectives. It works to accelerate stakeholder buy-in at all levels by offering data, analysis, and the financial threshold required to build a strong cyberinfrastructure.

“The Cyber Advocacy program offers our clients a responsive network ready to mobilize and capable of managing any incident,” said Bevilacqua. “This partnership approach is a key component of helping our clients remain cyber resilient in the face of growing threats.”
