cyber resilience framework
Threatonomics

Financially Proven AI for Dynamic Threats

The Resilience Platform

by Ann Irvine , Chief Data and Analytics Officer
Published

Today, the hype around AI is extreme.

The B2B SaaS market is flooded with companies trying to leverage new natural language generation technologies but struggling to focus on a real-world problem. In this sea of smoke and mirrors, Resilience maintains its singular focus. Our technology is purpose-built for a specific domain – cyber resilience.

Our business has proven the financial accuracy of our cyber resilience AI models, and we have expanded our solution to offer these insights directly to customers. We help customers manage their cyber risk through both a technical and a financial lens by capturing signals relevant to their unique risk. These signals then inform our AI models, which together paint a detailed and understandable picture of their cyber risk.

This specialization allows us to predict which threats have the most potential to impact an organization and which tools will be most effective in prevention and mitigation. Combining knowledge from cyber insurance, cybersecurity, and risk quantification enables our models to forecast the financial impact of different scenarios, the return on investment (ROI) of certain security tools, and the cost of risk transfer.

Financially-Proven AI

The intelligence task that we’re solving at Resilience is understanding, quantifying, and managing cyber risk. “This task isn’t well-suited for artificial general intelligence tools like ChatGPT, but we have long used AI and machine learning technology to power our cyber risk models,” said Dr. Ann Irvine, Chief Data Scientist and VP of Product Management at Resilience. “Making these models available to customers helps them understand their cyber risk from a financial perspective– which is a new way of thinking for many security leaders.”

Security leaders dream of a world where they can prevent any and all potential incidents by creating a bulletproof network. However, the reality of cybersecurity is that securing your infrastructure against everything in perpetuity is impossible. Our risk models are designed to help security leaders decide which controls will be the most impactful and where they should direct their attention and budget to have the highest impact from a financial standpoint. We are so confident in our model’s financial accuracy that we use them to underwrite our insurance policies.

Resilience’s AI models mimic how the best cyber-risk experts model and approach cyber risk, from understanding the initial sources of exploitation to calculating the business impact of an attack. Our models help security and business leaders make confident and financially-backed decisions around exposures and controls. They analyze the effectiveness of adopting specific security tools, the cost of accepting risk, and how much risk to transfer through insurance. This in-depth analysis weighs the cost-benefit ratio of different investments and provides data-driven recommendations that align with the client’s risk appetite and financial goals.

AI and Continuous Learning 

An organization’s risk profile is not static but evolves continuously due to new threats and internal transformations like acquiring a company or migrating data to the cloud. Our AI platform is specifically designed to address this challenge by continuously updating based on our most recent understanding of an organization’s controls, exposures, and the threat landscape.

The Resilience platform is designed to work even when there are gaps in information, ensuring clients can onboard and see value quickly. “The more our clients engage with our AI platform and provide more information and data, the more accurate and tailored the cyber risk analyses and recommendations become,” said Irvine.

While no model is perfect, Resilience’s risk models can be used to connect the silos between security, risk management, and financial leadership in a strategic conversation about cyber risk.

About the Author
Ann Irvine , Chief Data and Analytics Officer

You might also like

How ransomware groups are changing the game with double extortion

Double extortion has become the industry standard. According to our recent analysis of Resilience cyber insurance claims, ransomware attacks now routinely involve two distinct ransom demands: one for the decryption key to unlock encrypted systems, and another to prevent stolen data from being published on leak sites or sold to competitors. This shift represents more […]

What the Collins Aerospace outage reveals about vendor risk

On September 19, 2025, chaos erupted at airports across Europe—but not because of weather, strikes, or mechanical failures. Collins Aerospace’s MUSE platform, the digital backbone handling passenger check-in and baggage processing from Heathrow to Dublin, went dark after a ransomware attack. Within hours, major airports including Brussels, Berlin, and Dublin were forced to revert to […]

Does Resilience use your company data to train AI?

In an era where “AI training” has become synonymous with data collection, we get this question a lot: “Does Resilience use our company data to train AI models like ChatGPT?” The short answer? No. But the full answer reveals something more interesting about how we approach cyber risk modeling and why we chose a different […]

New insights on the evolving threat landscape, from our 2025 Midyear Cyber Risk Report 

The cybersecurity world is experiencing an unexpected paradox in 2025. While cyber insurance claims in the Resilience portfolio dropped by 53% in the first half of the year—suggesting that organizations are getting better at preventing attacks—the financial damage from successful incidents has actually increased. Our latest 2025 Midyear Cyber Risk Report reveals that when cybercriminals […]

The seven places you should be looking when building your vendor list

In our first post, we established why comprehensive vendor discovery matters and how most organizations approach it incorrectly. Today, we’re diving into the practical mechanics: the seven data streams that can reveal vendor relationships hiding in your existing systems. The key insight is to start with data you already have rather than surveys or questionnaires. […]

How to get people to care about security when they don’t report to you

Getting executive sign-off on a new control? Hard. Getting peer buy-in on security initiatives when they don’t report to you? Harder. In modern organizations, cybersecurity professionals often find themselves in the ultimate matrix of organizational challenges: you need buy-in from every department within the organization – operations, sales, HR, and finance – but none of […]