third-party cyber risk management
Threatonomics

Resilience’s NetDiligence Beverly Hills 2023 Recap

Five Events from NetDiligence, Beverly Hills.

by Davis Hake , Co-Founder & VP of Communications
Published

NetDiligence’s Cyber Risk Summits have become a staple of networking and mindshare for the entire cyber insurance industry. This year, Resilience led over a half dozen of our own events to share research on changing cybercrime trends, rising threats to and from third-party vendors, and how new GenAI-based strategies could be leveraged by cybercriminals.

Breach Breakfast by Resilience, Tom Egglestone, Head of Global Claims, Resilience; Aaron Sherman, Coveware; Davis Hake, Co-Founder, Resilience.

Launching their Mid-Year 2023 Claims Report, Resilience held an intimate breakfast discussion with incident response and law firm partners the first morning of the conference. Tom provided an overview of the report’s findings showing that while ransomware trends showed 2023 on track to be a record-breaking year for cybercrime, fewer and fewer companies were making extortion payments to resolve an incident. This data was correlated by Aaron Sherman, representing the work Coveware has done tracking the ransomware market on a monthly basis. Aaron also provided a first-hand account of what it was like negotiating with ransomware criminals and ideas on how generative AI would help increase the ability of fraudsters to social engineer victim companies. 

Cyber Resilience Workshop by Resilience, Si West, Director of Customer Engagement, Resilience.

Resilience hosted a number of broker partners for an in-depth discussion on what exactly cyber resilience meant, and how it could be put into practice with live scenarios. The concept of cyber resilience involves understanding an organization’s cyber value-at-risk from a financial perspective, and working to prioritize cybersecurity investments that allow the organization to take a hit and continue operating. Si walked through a preview of a new blueprint for how Resilience is working with its clients and then led a tabletop breach scenario so that brokers can see firsthand how he and his team work with clients 1 on 1. Some Resilience team members, like CEO  Vishaal “V8” Hariprasad and SVP of Product Kurt Van Etten dusted off their cyber skills to join in with the brokers for a great afternoon session. 

Risks of Doing Business with Unsecured Third Parties Panel, Stu Panensky (M), FisherBroyles, LLP; Ryan Coyne, Experian; Tom Egglestone, Resilience; Mark Grazman, Fenix24; Matthew Saidel, FTI Consulting. 

Tom Egglestone joined a senior panel of legal and incident response experts to discuss how insurers have been reacting to an increase in attacks against clients through trusted third-party vendors. While outsourcing any business function inherently leads to more risk, companies face ever-growing pressures to support remote working or improve productivity. Incidents like the MOVEit attacks are having ripple effects across insure’s’ claims portfolios as they see second and third-party victims from the attacks. Handling these cases also presents some different hurdles for incident response and claims teams to clear. The panel discussed how establishing responsibility for who is handling the incident early on is vital, the vendor or the victim. They also left two key bits of advice. First, look beyond your organization’s borders. Ultimately, we all exist in an ecosystem where our clients are both users and suppliers of IT services. Guidance to clients should account for their position in the supply chain, as well as vendors within their own supply chain, as part of a holistic approach to cyber risk management. Second, organizations should move away from static approaches to vendor risk management. Current approaches see heavy investment in due diligence and recertification stages. Just like other areas of cyber risk, constant adaptation and monitoring is key to ensuring you’re resilient to reasonably plausible losses.

Hacker Salon by Resilience, Justin Shattuck, CISO, Resilience. 

In a standing-room-only event, Resilience CISO Justin Shattuck walked broker partners through a hands-on hacking lab to demonstrate techniques and tactics used by cybercriminals against their clients. The class of insurance brokers took on the role of “initial access brokers,” threat actors who conduct recon to gain access into enterprise networks. Looking at cyber risk from this POV, they learned the basics of cybercrime economics, the Lockheed Martin Cyber Kill Chain, and how criminal organizations are structured. Justin then led the class through how criminals select targets and gather open-source intelligence, then leveraged ChatGPT to build sophisticated spearphishing lures based on the gathered intelligence. Ultimately, these labs are designed to help brokers better understand the technical side of their clients’ cyber exposure and how to help make them harder targets for cybercriminals. 

Recharge Wellness Series by Resilience, Ingrid Smith, Director of Marketing; MaryKate Broderick, Assistance Marketing Manager, Resilience. 

While everyone was busy empowering their brains, the Resilience team and guests also took the opportunity to recharge their bodies and spirits, with a series of events every morning of the conference. Starting with a rooftop spin session on Monday, early risers were treated to a relaxing hour-long yoga session on Tuesday, and an intense boot camp to round out the week on Wednesday. A fresh juice bar awaited the participants to help shake off the conference cobwebs and start their days strong. 

Along with Resilience’s yearly reception party, it was a packed week at NetDiligence. If your organization is interested in learning more about cybercrime trends or getting hands-on experience with Resilience security experts, please reach out to our team at www.cyberresilience.com/contact-us. We’ll see you next year in Miami for NetDiligence, Florida!

You might also like

How to get everyone on the same page about your cybersecurity plan

Everyone needs cybersecurity–and we’d argue that most organizations need cyber insurance–but not everyone understands how or why cyber risk solutions actually benefit their company. Resilience is tackling both the “how” and the “why” with our dual product offerings: The Edge Solution Platform and the Edge Engagement Summary. First, the Edge Solution. Edge is packed with […]

2025 cybersecurity and insurance predictions

Get ready for threats both old and new in 2025

It’s prediction season, and while no one can see into the future, we can definitely take some educated guesses. From increasingly severe ransomware attacks to deepfakes that deceive Fortune 500 companies, we’re keeping an eye out for some major events in 2025. And while many organizations are taking steps to beef up their defenses, the […]

Contrasting and comparing FAIR with the Resilience solution

As market awareness of cyber risk quantification grows, we frequently receive questions from clients and curious risk managers about FAIR (Factor Analysis of Information Risk)—what it is, whether it truly provides accurate cyber risk quantification, the effort needed to set it up and maintain, and more. Clients often ask us to compare the FAIR methodology […]

How does Resilience establish the probabilities presented in my LEC?

Managing risk successfully at any level requires an understanding of a concept called “probability.” As both an insurance company (risk transfer) and a cyber risk management company, Resilience relies on understanding probabilities to price our services and to guide our clients to greater levels of cyber resilience. As we often receive questions from our clients […]

Moving beyond heat maps for better risk management

Heat maps are among the most widely used—and debated—tools for risk managers worldwide to communicate risks in their registries or project portfolios. Despite their popularity, we advise leaders seeking transparency in discussing risk and value to avoid relying on them. What are heat maps? Risk managers often use heat maps (or risk matrices) to represent […]

Breaking Lemonade: Understanding Value at Risk

I talk a lot about value-at-risk among my colleagues, with our customers, and the broader market. Value-at-risk may be the single most important measure to grasp, without which one cannot accurately measure risk transfer, excess risk, risk acceptance, and return on controls. Yet, these are all important concepts that leadership in modern organizations need to […]