Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Resilience: the Cyber Risk Partner for the AWS Cloud

Achieving the Amazon Web Services Cyber Insurance Competency

by Davis Hake , Co-Founder & VP of Communications
Published

Managing cloud security is a core focus of cyber resilience efforts.

While many organizations are focusing on their cloud maturity level, a report of over 500 security professionals by Fidelis finds that 95% “are moderately to extremely concerned about the security of public clouds, signaling a need for the adoption of better security tools and practices.”

This concern makes sense as the risk of a vendor data breach has consistently ranked among Resilience clients’ top insurance losses. Further, reporting from security firm Thales found that 39% of businesses surveyed experienced a data breach within their cloud environment in 2023, and over a third reported challenges in hiring for cloud security expertise.

To help our client base manage these challenges and build a Cyber Resilient cloud environment, Resilience has recently achieved the Amazon Web Services (AWS) Cyber Insurance Competency. AWS is the number one global cloud service provider as of 2023, with over 100 trillion objects housed in its simple storage service. By achieving this competency, Resilience can help our AWS clients manage their cloud security through enhanced visibility and targeted recommendations designed to improve their risk posture. 

The borderless and dynamic nature of cloud risk makes it challenging to manage.  

The Flexera 2023 State of the Cloud Report cites cloud security as a top challenge for 79% of all organizations due to the inherently dynamic, borderless, and unstructured environment” of the cloud. According to Statista, these top concerns include data loss and leakage (69%), data privacy and confidentiality (66%), and accidental exposure of credentials (44%).  These challenges reflect the difficulty in managing the scale and complexity of hundreds of thousands of assets, understanding your role within the shared responsibility model of the cloud, and identifying proprietary applications and services that may not integrate with security tools. This means that common vulnerabilities, misconfigurations, and poor identity and access management controls can too easily go unnoticed and be exploited. 

Failing to address any of these items leads to security blind spots that can open the door to opportunistic attacks. 

In order to manage the risk that organizations are responsible for while maintaining vigilance around tool integration, in-depth visibility into their cloud environment is pivotal. However, this visibility is just data without vigilant monitoring and experts in the loop who can contextualize cloud risk within the organization’s unique environment.  

The challenges of managing cloud security are compounded by the lack of resources and expertise within the field. 

Currently, 80% of organizations do not have a dedicated cloud security team or lead. This means most organizations have limited resources dedicated to managing or monitoring their cloud risk. The Osterman survey “State of Cloud Security 2022,” shows the difficulty of large organizations in managing their cloud risk. The survey found that 93% of large-size organizations have only achieved low levels of cloud security maturity and that smaller organizations are 3x more likely to achieve higher maturity levels.

Source: Osterman Research State of Cloud Security Maturity 2022

Barriers to achieving higher maturity include highly manual tasks such as managing privileged access controls, tracking user activity across cloud applications, detecting cloud misconfigurations, evaluating compliance and security best practices, and establishing Just-in-Time (JIT) access to cloud infrastructure environments. With their scale and scope and a lack of cloud security experts, it is no wonder that the larger the organization, the more risks it faces. 

Cloud security maturity requires an immense level of visibility and specialization.  

Recognizing the threat of increased cloud risk to our client base of mid-sized and larger organizations, Resilience worked to achieve the AWS Cyber Insurance Competency. This specialization provides technical integrations that help Resilience customers who use AWS understand their cloud exposure and make targeted improvements to their security posture.

As partners with AWS, Resilience now has the capability to integrate our services with our customers’ cloud environment by way of AWS Security Hub. Through this integration, Resilience security experts can provide an enhanced level of visibility into our clients’ cloud security and actionable recommendations on how to improve their cloud security posture. These capabilities enable our clients to take timely actions to reduce their risk exposure and work toward higher cloud security maturity. 

Our enhanced cybersecurity visibility within our clients’ AWS infrastructure also helps clients translate their cyber risk into financially quantified recommendations through their Quantified Cyber Action Plans. This helps in prioritizing their investment in controls and risk transfer through a clear RoI analysis that takes into consideration their cloud environment. 

Expanding our capabilities to AWS’ cloud environment is a key part of Resilience’s mission to build a comprehensive and holistic cyber risk management solution. We are thrilled to partner with AWS to make this capability available to our clients. Learn more about how this partnership has helped our clients build resilience against cloud challenges. 

About the Author
Davis Hake , Co-Founder & VP of Communications

Davis Hake is the Co-Founder and Vice President of Communications and Policy at Resilience Insurance. Prior to starting at Resilience in 2016, Hake managed cybersecurity strategy for Palo Alto Networks, served on the National Security Council, The White House, and was a lead author of cybersecurity legislation in the U.S. Congress. Hake is also currently an Adjunct Professor of Cyber Risk Management at the University of California, Berkeley and a Term Member of the Council on Foreign Relations.

You might also like

Does Resilience use your company data to train AI?

In an era where “AI training” has become synonymous with data collection, we get this question a lot: “Does Resilience use our company data to train AI models like ChatGPT?” The short answer? No. But the full answer reveals something more interesting about how we approach cyber risk modeling and why we chose a different […]

New insights on the evolving threat landscape, from our 2025 Midyear Cyber Risk Report 

The cybersecurity world is experiencing an unexpected paradox in 2025. While cyber insurance claims in the Resilience portfolio dropped by 53% in the first half of the year—suggesting that organizations are getting better at preventing attacks—the financial damage from successful incidents has actually increased. Our latest 2025 Midyear Cyber Risk Report reveals that when cybercriminals […]

The seven places you should be looking when building your vendor list

In our first post, we established why comprehensive vendor discovery matters and how most organizations approach it incorrectly. Today, we’re diving into the practical mechanics: the seven data streams that can reveal vendor relationships hiding in your existing systems. The key insight is to start with data you already have rather than surveys or questionnaires. […]

How to get people to care about security when they don’t report to you

Getting executive sign-off on a new control? Hard. Getting peer buy-in on security initiatives when they don’t report to you? Harder. In modern organizations, cybersecurity professionals often find themselves in the ultimate matrix of organizational challenges: you need buy-in from every department within the organization – operations, sales, HR, and finance – but none of […]

Why vendor discovery matters now (and how most organizations get it wrong)

The average enterprise relies on hundreds—sometimes thousands—of third-party vendors to operate. Yet when security leaders are asked for a complete inventory of these vendors, the response is often a patchwork of spreadsheets, outdated procurement lists, and educated guesses. This vendor blindness isn’t just an operational inconvenience—it’s a critical business risk that’s becoming increasingly expensive to […]

The healthcare cybersecurity crisis that’s costing organizations millions in damages

The U.S. healthcare sector faces an unprecedented cybersecurity crisis. With 168 million healthcare records breached in 2023 and ransomware attacks surging 32% in 2024, the industry confronts threats that have evolved beyond data theft to sophisticated campaigns capable of paralyzing critical patient care infrastructure. Despite these trends, cybersecurity often receives insufficient leadership attention. A 2025 […]