Threatonomics

Does Resilience use your company data to train AI?

by David Meese, Director, Security and Risk Services

Understanding our approach to data, modeling, and AI in cyber risk quantification

In an era where “AI training” has become synonymous with data collection, we get this question a lot: “Does Resilience use our company data to train AI models like ChatGPT?”

The short answer? No. But the full answer reveals something more interesting about how we approach cyber risk modeling and why we chose a different path.

What is AI, anyway?

When most people hear “AI,” they think of systems like ChatGPT that learn by consuming vast amounts of data. But AI isn’t a single tool—it’s an entire toolbox. And for cyber risk quantification, we’ve chosen a very different instrument: Bayesian networks.

Think of the difference this way: ChatGPT is like a student learning a new language by reading millions of books. Our Bayesian network is more like a detective building a web of clues—it doesn’t “learn” in the traditional sense, but rather uses mathematical reasoning to connect evidence and calculate probabilities.

The science behind our approach

Our Bayesian network approach rests on three core principles that distinguish it from machine learning models. Rather than letting algorithms discover patterns in data, we build structured mathematical frameworks that mirror how risk actually propagates through organizations. Here’s what that looks like:

1. Expert-designed architecture

Our models aren’t trained by feeding them raw data and hoping they figure things out. Instead, they’re carefully architected by human experts using a principle called decomposition. We take the enormously complex question of “What’s our cyber risk?” and break it down into hundreds of smaller, answerable questions like:

  • Is multi-factor authentication enforced on critical systems?
  • How quickly does the organization patch vulnerabilities?
  • What’s the maturity of the incident response program?

2. Cause and effect mapping

The real power lies in how these factors connect. Our Bayesian network maps the probabilistic relationships between security controls, threat vectors, and potential financial impacts. When you implement a new security control, the model can calculate exactly how that change affects your overall risk profile.

3. Reasoning with evidence

Here’s where data becomes powerful: it serves as evidence that helps the model reason about specific situations. Every signal, from automated security tool integrations to platform assessments, feeds into a unique instance of the model, creating a precise, mathematical understanding of risk.

Your data journey

The process is designed around a simple principle: your data should benefit you first and most.

Step 1: You provide the evidence 

Through seamless integrations and assessments, you share data points (we call them “signals”) about your security posture.

Step 2: We quantify your risk 

These signals feed directly into your company-specific statistical model, which calculates the financial risk associated with your unique security environment.

Step 3: You get actionable intelligence 

The output is your Loss Exceedance Curve (LEC)—a clear visualization of your financial risk—and your Cyber Action Plan (CAP), a risk-reduction-prioritized list of security initiatives.

The more complete your signals, the more precise your risk analysis becomes. It’s a direct, transparent value exchange.
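
The three steps above, sketched as an added example (this is not Resilience's model or code): a toy Bayesian network in which observed signals fix control nodes, unobserved controls keep their prior probabilities, and a Monte Carlo pass yields points on a loss exceedance curve. Every node name, probability and loss figure here is a constructed assumption.

```python
import itertools, math, random

# All node names and numbers are constructed for illustration only.
PRIOR = {"mfa": 0.6, "fast_patching": 0.5, "mature_ir": 0.4}  # P(control in place) with no signal
BASE_INCIDENT = 0.30                               # annual P(incident) with no controls
REDUCTION = {"mfa": 0.5, "fast_patching": 0.3}     # multiplicative cut in incident probability
MEDIAN_LOSS = {True: 200_000, False: 800_000}      # median loss, keyed by mature_ir
SIGMA = 1.0                                        # lognormal shape for loss severity

def p_incident_given(state):
    """Conditional P(incident | control states)."""
    p = BASE_INCIDENT
    for control, cut in REDUCTION.items():
        if state[control]:
            p *= 1 - cut
    return p

def joint(evidence):
    """Yield (state, weight) for every control state consistent with the evidence."""
    names = list(PRIOR)
    for values in itertools.product([True, False], repeat=len(names)):
        state = dict(zip(names, values))
        if any(state[k] != v for k, v in evidence.items()):
            continue
        weight = 1.0
        for n in names:
            if n not in evidence:  # unobserved node: fall back to its prior
                weight *= PRIOR[n] if state[n] else 1 - PRIOR[n]
        yield state, weight

def incident_probability(evidence):
    """Exact P(incident | evidence) by enumerating the unobserved controls."""
    return sum(w * p_incident_given(s) for s, w in joint(evidence))

def loss_exceedance(evidence, thresholds, trials=20000, seed=1):
    """Monte Carlo estimate of P(annual loss > t) for each threshold t."""
    rng = random.Random(seed)
    states, weights = zip(*joint(evidence))
    losses = []
    for _ in range(trials):
        s = rng.choices(states, weights)[0]
        hit = rng.random() < p_incident_given(s)
        mu = math.log(MEDIAN_LOSS[s["mature_ir"]])
        losses.append(rng.lognormvariate(mu, SIGMA) if hit else 0.0)
    return {t: sum(l > t for l in losses) / trials for t in thresholds}

if __name__ == "__main__":
    signals = {"mfa": True, "fast_patching": True}   # constructed evidence
    print(incident_probability({}), incident_probability(signals))
    print(loss_exceedance(signals, [0, 100_000, 1_000_000]))
```

Supplying more signals removes the averaging over priors, which is why the estimate tightens as evidence becomes more complete.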

The population health model of cyber risk

While your data powers your individual risk analysis, we also use anonymized, aggregated insights to continuously improve our models. Think of it like population health research:

  • Your doctor uses your specific test results to diagnose and treat you
  • Public health officials use anonymized data from thousands of patients to understand disease trends and refine medical guidelines

We apply the same principle to cyber risk. By analyzing broad, anonymized patterns across our client base and claims portfolio, we can refine our understanding of emerging threats and control effectiveness—without ever exposing individual company data.

This approach creates what we call the virtuous cycle of resilience:

  • You benefit from increasingly accurate, personalized risk insights and clearer improvement strategies
  • We benefit from building a more stable insurance program based on better risk understanding
  • All clients benefit from continuously evolving models that provide sharper insights year after year

Building partnership through transparency

At Resilience, we believe that true partnership requires complete transparency about how we handle your most sensitive asset: your data. Our statistical modeling approach isn’t just more privacy-conscious than traditional AI training—it’s more effective for the specific challenge of cyber risk quantification.

When you’re choosing a cyber risk partner, you’re not just selecting a vendor: you’re choosing an approach to understanding and managing risk. We’ve chosen the path of the detective over the student, precision over pattern-matching, and transparency over black boxes.

Because in cyber risk, the stakes are too high for anything less than complete clarity about how your data creates value for your organization.
