Threatonomics

Why Enterprises Need More Than Insurance

A Holistic Approach through The Resilience Solution

by Davis Hake, Co-Founder & VP of Communications

Digital risk is constantly evolving. 

Assessing risk requires the ability to measure the frequency and severity of events. Cyber insurance lacks the historical data and standards associated with more traditional forms of insurance, making it incredibly challenging to track or even designate forms of measurement. The current response has been to rely on status-quo benchmarks; however, these are often ineffective because they fail to address each organization’s unique risk.

For the cyber insurance market to remain relevant in the ever-shifting risk landscape, it must innovate new strategies that will help clients directly manage their risk rather than just transferring it. Large, sophisticated enterprises, in particular, need more than just a standard insurance policy. To withstand incidents, they must adopt a Cyber Resilient strategy: aligning security visibility, risk analysis, and tailored insurance to balance business objectives and risk mitigation, making informed trade-offs about digital risk when necessary. 

The Resilience Solution helps mid- and large-market enterprises create and implement these strategies. It has led to one of the lowest loss ratios in the cyber insurance industry and, more importantly, has improved our clients’ resilience to threats like ransomware. In 2022, our solution helped 100% of Resilience’s Solution clients who experienced a ransomware incident avoid paying a ransom to resolve the incident.

The Challenge with Cyber Insurance.  

Cyber risk is fluid, and the addition of software, third-party vendors, cloud services, or the discovery of potential vulnerabilities demands constant monitoring and testing. Large enterprises, in particular, have massive and complex cyber risk management protocols that require multiple departments, leaders, and minds to orchestrate. Too often, each of these teams operates with its own set of priorities, leading them to make decisions in departmental silos. This causes three major problems that we see in organizations today.

  • Modern CISOs are becoming burned out fighting fires and increasing liability. All of their attention goes to determining which products could prevent the latest and greatest threats to their infrastructure. Their efforts are isolated from the risk transfer solutions that are meant to work in tandem with security visibility. 
  • Risk Managers are feeling overwhelmed by the complexity of cyber and need guidance in understanding the technicalities of security protocols. They often purchase cyber insurance without strategic insight from the teams trying to manage risk. 
  • CFOs and business leaders have a know/do gap. They need confidence in a unified approach that tackles cyber as a financial risk and makes decisions based on what is right for the business. 

Resilience’s Solution helps CISOs, Risk Managers, and business leadership work together to align on strategies that translate cyber risk into financial risk. We help them learn to communicate in the same language, dollars and cents, in order to align on priorities that keep the health of the business top of mind. Integrating the silos of security, finance, and risk under a common goal leads to efficiency and effectiveness. This united front against cyber risk fosters a financially prioritized and comprehensive risk management strategy that enables organizations to withstand a cyber incident.

Cyber Resilient Enterprises in Action. 

Resilience has a strong track record of helping large organizations recover from cyber incidents with minimal business interruption. When a large enterprise client realized they had experienced two data security incidents within the same month, they needed to quickly evaluate whether customer and employee private data had been accessed and whether they had data breach notification obligations as a result.

The Resilience Claims & Incident Management team provided a detailed Vendor Risk Management Guide to help them assess their third-party risk. The team also provided our Crisis Communications Guide and introduced them to panel-approved privacy law firms that specialize in assisting clients throughout the lifecycle of a privacy matter. 

Our holistic solution helped this client quickly respond to both incidents, mitigating potential losses and minimizing incident response costs. This is a direct result of the holistic response strategies Resilience provided that allowed the client to recover without losing private data, making an extortion payment, or experiencing significant business interruption. 

Insurance alone is not enough to build a Cyber Resilient environment. 

While incredibly valuable in recovering financial losses after an event, insurance does not function to prevent an incident from occurring in the first place. The Resilience Solution contains security visibility, cyber risk quantification, and insurance working together in an integrated manner. This approach helps clients deal with cyber as both a technical and a financial challenge. Our solution achieves this through five key integrated benefits that work to break down silos across leadership and establish a business environment that can withstand a cyber incident. 

  • Financially-Proven AI Platform: We offer a continuous learning system that creates clarity from cybersecurity visibility. Our platform uses machine learning technology and AI to power our cyber risk models, helping leadership make confident and financially backed decisions around exposures and controls.  
  • Human-in-the-Loop Partnership: Our team provides expertise to guide, validate, and augment your cyber risk team. Unlike most solutions, we apply real-world tactical knowledge to contextualize, prioritize, and implement security controls specific to our clients’ unique environment and risk exposure.  
  • Quantified Action Plan: We provide prioritization and context for faster and better decision-making. Using data provided by our AI platform, we help our clients design a peril-based investment plan based on their risk profile and our proprietary cyber risk quantification models.
  • Responsive Policy: We offer comprehensive coverage that is purpose-built for the dynamism and complexity of cyber risk. Our policies are tailored to consider each client’s individual risk profile by leveraging our analytical tools to provide our in-house underwriting team with enhanced cybersecurity visibility. 
  • Cyber Advocacy Program: We offer resources to activate an engaged community up and down your organization. This program gives security and risk management leadership the information to advocate for the tools they need. It accelerates stakeholder buy-in by offering data, analysis, and the financial threshold required to build a strong cyberinfrastructure.

In a cyber risk climate where adversary tactics are constantly shifting, Resilience’s holistic approach to risk management has helped us achieve loss ratios that are less than 1/3rd of the industry average in 2022 and has had dramatic results in keeping clients resilient to ransomware. 

 
