
Best of Threatonomics Year-End Review

The Top Five Blogs of the Year

by Emma McGowan, Senior Writer

As 2023 comes to an end, we are looking back on our top five most popular blog posts that helped shape our understanding of what it means to be cyber-resilient.

1. Moneyballing Cyber Resilience 

Chief Cyber Resilience Officer Richard Seiersen wrote “Moneyballing Cyber Resilience” as a follow-up to his first webinar, “Superforecasting.” The book Moneyball is about how finding the right object and method of measurement can help create an advantage over the competition, and Seiersen draws a connection between that and finding the right object and measurement method for effective cyber risk management and cyber risk forecasting.

Finding the right object and method of measurement is a major facet of building a Cyber Resilience strategy. Identifying these objects is necessary to help align cybersecurity, risk management, and business leadership on the same objectives. Once they have a shared objective, they can make decisions together to share with the board – or, as Seiersen calls them, the “money people.” Communicating with the money people requires speaking a language they understand, and that means translating cyber risk into dollars and cents. 

If you want to go deep on how to “Moneyball” your cyber risk, you can also watch the first installment of Rich’s webinar series, “How to Build a Defensible Cybersecurity Budget.” 

2. The Rise of the Cyber Resilient Leader 

Before his elevation to Chief Cyber Resilience Officer (CCRO), the first in the industry, Rich Seiersen wrote “The Rise of the Cyber Resilient Leader,” outlining why this new role is important in helping organizations better manage their cyber risk. This piece established the backbone of the Chief Cyber Resilience Officer mindset and the responsibilities that the role entails, working as a comprehensive guide for cybersecurity professionals who hope to take on these responsibilities. 

“Risk leaders must make trade-offs. They must respond responsibly to economic headwinds. And they must react to the myriad threats created by digital transformation,” said Seiersen. “A cyber resilient leader makes those tradeoffs without exacerbating loss nor incurring moral hazard. They operate from a set of principles that emphasize building economically efficient strategies.”

If you want to read more about the new role of the CCRO, you can read our newest blog on this role.

3. The Resilience Mid-Year 2023 Claims Report 

Resilience’s mid-year 2023 claims report made considerable contributions to our understanding of the current risk landscape and how we believed it would continue to evolve through the end of 2023. The report was built on five key findings drawn from both Resilience’s internal data and data from ransomware incident response partner Coveware, blockchain analytics firm Chainalysis, security partner Zscaler, and security firm Sophos.

Our findings showed us that ransomware is evolving as organizations become more resilient against making extortion payments. This has led threat actors to shift in two ways: going after larger organizations that have deeper pockets in hopes that they will be more inclined to make a payment and shifting to large-scale third-party breaches to hit more organizations at once. This shift has led third-party risk to become Resilience’s top cause-of-loss AND point-of-failure.

“This shift in Resilience claims data demonstrates how suddenly the threat landscape evolves as criminal actors create their own criminal market forces, sometimes including regulating their affiliates. These forces directly affect the insurance market, as clients feel the impact through incidents, and insurers see the correlating rise in claims.” 

To learn more about Resilience’s internal findings and how we’ve helped our clients build cyber resilience, check out our 2022 Claims Report.  

4. Why Enterprises Need More Than Insurance 

Though incredibly important to the entire cyber risk management process, insurance alone is not enough to build Cyber Resilience. Insurance is designed to transfer risk, not mitigate it or help you understand your tolerance to risk, which is why finding the right balance between risk acceptance, security controls, and risk transfer is necessary to protect your environment.

“In a cyber risk climate where adversary tactics are constantly shifting, Resilience’s holistic approach to risk management has helped us achieve loss ratios that are less than 1/3rd of the industry average in 2022 and has had dramatic results in keeping clients resilient to ransomware.” 

For more about our approach to managing cyber risk by evolving cyber insurance to cyber resilience, check out our website and sign up for a demo.

5. Threatonomics Newsletter

Month after month, one of Resilience’s most popular featured items on LinkedIn is our monthly newsletter. This installment offers concise summaries of the blogs, industry-focused threat intel, details on ongoing threat campaigns, and “in case you missed it” news features from the month. The Resilience newsletter is a one-stop shop for all of our most recent findings, most relevant news, and any need-to-know information on managing cyber risk. 

Published towards the end of each month, the Resilience newsletter helps our clients stay informed and up-to-date on the latest news and trends in cyber risk. To sign up for our newsletter, follow Resilience on LinkedIn.

As we end the year, we hope this wrap-up inspires you to reflect on the cyber landscape of 2023 and consider how past learnings can build future cyber resilience efforts. Learn more about what trends we expect to see in the new year by reading our piece, “10 Predictions for Cyber Risk in 2024.” 
