FAIR vs Resilience
Threatonomics

Building a Budget and Network for Resilience

The Cyber Advocacy Program

by Amanda Bevilacqua , US Claims Operations Leader
Published

Cyber risk is no longer just an IT challenge.

It has become a complex business problem that requires the collective effort of experts across cyber security, insurance, and financial and executive leadership. In 2023, cybercrime cost $8 trillion globally. Only two years from now, that number is expected to rise to $10.5 trillion in global losses by 2025 (Cybersecurity Ventures 2022). These figures mean now more than ever, cyber risk needs to be managed as a business challenge.

Resilience’s cyber risk management solution empowers security leaders to communicate risk transfer and mitigation objectives to financial leadership effectively. Enhanced data visibility and a network of external experts provided through our Cyber Advocacy program offer the expertise that CISOs, IT teams, and other cyber security leadership need to advocate for their budget and strategy. The program provides access to cyber risk budget training, an Incident Lifecycle Management plan with a pre-vetted client advisory panel, loss control, and governance guidance for third-party risk, and more.

Financial consultant calculating cybersecurity incident response plan budgets

Financial Advocacy and Cyber Risk Budget Training

Resilience was founded by security experts who understand the need for executive-level buy-in. Our Cyber Risk Budget training is designed to help our clients quantify the likelihood of loss exceeding a certain threshold and calculate the return on investment (ROI) of their controls.

The budget training program is designed to communicate what executive and board level stakeholders need to know about cyber risk,” said Amanda Bevilacqua, US Claims Operations Leader. They don’t necessarily need to know about implementing a specific control or process. They simply need to understand how that control or process translates into a better cyber security risk posture and its forecasted ROI.

Amanda Bevilacqua, US Claims Operations Leader

Before our clients share strategies with their stakeholders, our experts engage in virtual tabletop exercises to clarify the specific ROI of certain tools, communicating their necessity in terms of dollars and cents. Advanced AI risk modeling, loss exceedance curves, and a comprehensive overview of the organization’s cyber risk profile help our security clients present this information to their stakeholders in a way that will be more impactful. This overview translates the technical challenges of cyber risk into financially quantified solutions that will allow their organization to continue to deliver value should they experience an incident.

Cyber Security Incident Lifecycle Management

Traditional solutions provide templates and status-quo guidance for incident lifecycle management. Resilience’s process is tailored to our client’s unique risk and entails creating a comprehensive Cybersecurity Incident Response Plan (IRP) that details the steps required to resolve an event. The IRP covers notification, data backup restoration, legal and regulatory requirements, tips to preserve your organization’s reputation, and any other items needed to recover your unique environment. When the IRP is complete, it is tested thoroughly to identify any security gaps and promptly remediate them.

Part of our Incident Lifecycle Management program is offering our clients access to our network of pre-vetted external experts. This client advisory panel includes cybersecurity incident response partners and resources like privacy attorneys, computer forensic investigators, and more.

“This network helps us manage even the most complex situations,” said Bevilacqua. “If our in-house team can’t handle something, we have an external expert in the loop who can.”

Third-Party Risk Governance

Through access to security data and visibility into our clients’ risk profiles, our solution offers an extensive third-party risk governance program. This entails comprehensive State-of-your-Risk reports for up to 15 pivotal vendors, in-depth questionnaires to understand your vendor’s cyber risk profiles, and instruction to help align your vendor network with your organization’s security standards.

The impact of vendor breaches can be expansive, unpredictable, and difficult to recover from. After the MOVEit breaches in Q2 2023, third-party vendor risk has become Resilience’s number one point of failure – replacing phishing for the first time in our claim’s history. It is more important now than ever to take the steps necessary to protect your environment from your vendor’s risk, as these incidents will only grow more popular post-MOVEit’s success.

The Cyber Advocacy program is designed to give security and risk management all of the information they need to advocate for the tools they need to meet strategic business objectives. It works to accelerate stakeholder buy-in at all levels by offering data, analysis, and the financial threshold required to build a strong cyberinfrastructure.

“The Cyber Advocacy program offers our clients a responsive network ready to mobilize and capable of managing any incident,” said Bevilacqua. “This partnership approach is a key component of helping our clients remain cyber resilient in the face of growing threats.”

Ready for the first step to cyber resilience? Request a demo.

About the Author
Amanda Bevilacqua , US Claims Operations Leader

Amanda Bevilacqua is the Director of Security Engagement and Claims at Resilience where she oversees client onboarding and the Resilience Ransomware War Game Tabletop Exercises. Prior to joining Resilience in 2021, Surovec served as claims manager at Beazley and as a claims specialist at Sphere Risk Partners. Surovec holds a BA in Human Development and Family Studies from Penn State University.

You might also like

Contrasting and comparing FAIR with the Resilience solution

As market awareness of cyber risk quantification grows, we frequently receive questions from clients and curious risk managers about FAIR (Factor Analysis of Information Risk)—what it is, whether it truly provides accurate cyber risk quantification, the effort needed to set it up and maintain, and more. Clients often ask us to compare the FAIR methodology […]

How does Resilience establish the probabilities presented in my LEC?

Managing risk successfully at any level requires an understanding of a concept called “probability.” As both an insurance company (risk transfer) and a cyber risk management company, Resilience relies on understanding probabilities to price our services and to guide our clients to greater levels of cyber resilience. As we often receive questions from our clients […]

Moving beyond heat maps for better risk management

Heat maps are among the most widely used—and debated—tools for risk managers worldwide to communicate risks in their registries or project portfolios. Despite their popularity, we advise leaders seeking transparency in discussing risk and value to avoid relying on them. What are heat maps? Risk managers often use heat maps (or risk matrices) to represent […]

Breaking Lemonade: Understanding Value at Risk

I talk a lot about value-at-risk among my colleagues, with our customers, and the broader market. Value-at-risk may be the single most important measure to grasp, without which one cannot accurately measure risk transfer, excess risk, risk acceptance, and return on controls. Yet, these are all important concepts that leadership in modern organizations need to […]

Would you fall for a live deepfake?

The Office of Senate Security revealed last week that the head of the Senate Foreign Relations Committee was targeted in a deep fake video call. An unknown person, claiming to be the former Ukrainian Minister of Foreign Affairs, Dmytro Kuleba, lured the Senator onto a Zoom call. The attack was thwarted when the Senator and […]

Artificial Intelligence for Cyber Resilience

AI tools are shifting the calculus for cyber defense by enhancing key areas such as vulnerability mapping, breach detection, incident response, and penetration testing. This integration could help an organization bolster its cyber resilience against an ever-evolving threat landscape. AI tools could automate the discovery and monitoring of vulnerabilities, providing real-time updates of an organization’s […]