Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Resilience: the Cyber Risk Partner for the AWS Cloud

Achieving the Amazon Web Services Cyber Insurance Competency

by Davis Hake , Co-Founder & VP of Communications
Published

Managing cloud security is a core focus of cyber resilience efforts.

While many organizations are focusing on their cloud maturity level, a report of over 500 security professionals by Fidelis finds that 95% “are moderately to extremely concerned about the security of public clouds, signaling a need for the adoption of better security tools and practices.”

This concern makes sense as the risk of a vendor data breach has consistently ranked among Resilience clients’ top insurance losses. Further, reporting from security firm Thales found that 39% of businesses surveyed experienced a data breach within their cloud environment in 2023, and over a third reported challenges in hiring for cloud security expertise.

To help our client base manage these challenges and build a Cyber Resilient cloud environment, Resilience has recently achieved the Amazon Web Services (AWS) Cyber Insurance Competency. AWS is the number one global cloud service provider as of 2023, with over 100 trillion objects housed in its simple storage service. By achieving this competency, Resilience can help our AWS clients manage their cloud security through enhanced visibility and targeted recommendations designed to improve their risk posture. 

The borderless and dynamic nature of cloud risk makes it challenging to manage.  

The Flexera 2023 State of the Cloud Report cites cloud security as a top challenge for 79% of all organizations due to the inherently dynamic, borderless, and unstructured environment” of the cloud. According to Statista, these top concerns include data loss and leakage (69%), data privacy and confidentiality (66%), and accidental exposure of credentials (44%).  These challenges reflect the difficulty in managing the scale and complexity of hundreds of thousands of assets, understanding your role within the shared responsibility model of the cloud, and identifying proprietary applications and services that may not integrate with security tools. This means that common vulnerabilities, misconfigurations, and poor identity and access management controls can too easily go unnoticed and be exploited. 

Failing to address any of these items leads to security blind spots that can open the door to opportunistic attacks. 

In order to manage the risk that organizations are responsible for while maintaining vigilance around tool integration, in-depth visibility into their cloud environment is pivotal. However, this visibility is just data without vigilant monitoring and experts in the loop who can contextualize cloud risk within the organization’s unique environment.  

The challenges of managing cloud security are compounded by the lack of resources and expertise within the field. 

Currently, 80% of organizations do not have a dedicated cloud security team or lead. This means most organizations have limited resources dedicated to managing or monitoring their cloud risk. The Osterman survey “State of Cloud Security 2022,” shows the difficulty of large organizations in managing their cloud risk. The survey found that 93% of large-size organizations have only achieved low levels of cloud security maturity and that smaller organizations are 3x more likely to achieve higher maturity levels.

Source: Osterman Research State of Cloud Security Maturity 2022

Barriers to achieving higher maturity include highly manual tasks such as managing privileged access controls, tracking user activity across cloud applications, detecting cloud misconfigurations, evaluating compliance and security best practices, and establishing Just-in-Time (JIT) access to cloud infrastructure environments. With their scale and scope and a lack of cloud security experts, it is no wonder that the larger the organization, the more risks it faces. 

Cloud security maturity requires an immense level of visibility and specialization.  

Recognizing the threat of increased cloud risk to our client base of mid-sized and larger organizations, Resilience worked to achieve the AWS Cyber Insurance Competency. This specialization provides technical integrations that help Resilience customers who use AWS understand their cloud exposure and make targeted improvements to their security posture.

As partners with AWS, Resilience now has the capability to integrate our services with our customers’ cloud environment by way of AWS Security Hub. Through this integration, Resilience security experts can provide an enhanced level of visibility into our clients’ cloud security and actionable recommendations on how to improve their cloud security posture. These capabilities enable our clients to take timely actions to reduce their risk exposure and work toward higher cloud security maturity. 

Our enhanced cybersecurity visibility within our clients’ AWS infrastructure also helps clients translate their cyber risk into financially quantified recommendations through their Quantified Cyber Action Plans. This helps in prioritizing their investment in controls and risk transfer through a clear RoI analysis that takes into consideration their cloud environment. 

Expanding our capabilities to AWS’ cloud environment is a key part of Resilience’s mission to build a comprehensive and holistic cyber risk management solution. We are thrilled to partner with AWS to make this capability available to our clients. Learn more about how this partnership has helped our clients build resilience against cloud challenges. 

About the Author
Davis Hake , Co-Founder & VP of Communications

Davis Hake is the Co-Founder and Vice President of Communications and Policy at Resilience Insurance. Prior to starting at Resilience in 2016, Hake managed cybersecurity strategy for Palo Alto Networks, served on the National Security Council, The White House, and was a lead author of cybersecurity legislation in the U.S. Congress. Hake is also currently an Adjunct Professor of Cyber Risk Management at the University of California, Berkeley and a Term Member of the Council on Foreign Relations.

You might also like

A decision scientist’s perspective on AI

As the Senior Director of Cyber Resilience at Resilience, I bring a somewhat unconventional perspective to the table. Unlike many in our industry who come from traditional cybersecurity or insurance backgrounds, my expertise lies in decision science. Throughout my career, I’ve been fascinated by one central question: How can we help people make good decisions […]

What enterprises over $10 billion need to know about managing cyber risk

The role of the Chief Information Security Officer has undergone a profound transformation from a purely technical role to a strategic business one in recent years. For CISOs operating in organizations with over $10 billion in revenue—a segment that Resilience has recently expanded its cyber risk solutions to serve—the shift comes with unique pressures and […]

How to create an effective Incident Response Plan

Cyberattacks are no longer a distant threat—they are a certainty. Whether it’s a ransomware attack, data breach, or insider threat, organizations must be prepared to respond quickly and effectively. Without a solid plan in place, even a minor security incident can spiral into a major crisis, leading to financial losses, reputational damage, and regulatory penalties. […]

Understanding the ClickFix attack

Imagine a cyberattack so simple yet so deceptive that all it takes is three keystrokes to compromise your system. This is the reality of the ClickFix attack, a threat that Resilience threat researchers have observed in the wild since 2024 and that seems to be ramping up in recent weeks. ClickFix cleverly manipulates users into […]

How MFA can be hacked

Multi-factor authentication (MFA) represents a significant improvement over single-factor authentication, adding an extra layer of security that has become standard practice across industries. It’s become so popular that many organizations and individuals believe implementing MFA makes their accounts nearly impenetrable to attackers. After all, even if someone steals your password, they would still need access […]

What is the ROC?

The cybersecurity industry thrives on headlines. A major software vulnerability, a ransomware attack, or a widespread outage—each event sends ripples of concern through the digital ecosystem, often accompanied by a rush to assign blame and predict catastrophic consequences.  However, the reality of cyber risk is far more nuanced than these attention-grabbing headlines suggest. The key […]