Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Resilience: the Cyber Risk Partner for the AWS Cloud

Achieving the Amazon Web Services Cyber Insurance Competency

by Davis Hake , Co-Founder & VP of Communications
Published

Managing cloud security is a core focus of cyber resilience efforts.

While many organizations are focusing on their cloud maturity level, a report of over 500 security professionals by Fidelis finds that 95% “are moderately to extremely concerned about the security of public clouds, signaling a need for the adoption of better security tools and practices.”

This concern makes sense as the risk of a vendor data breach has consistently ranked among Resilience clients’ top insurance losses. Further, reporting from security firm Thales found that 39% of businesses surveyed experienced a data breach within their cloud environment in 2023, and over a third reported challenges in hiring for cloud security expertise.

To help our client base manage these challenges and build a Cyber Resilient cloud environment, Resilience has recently achieved the Amazon Web Services (AWS) Cyber Insurance Competency. AWS is the number one global cloud service provider as of 2023, with over 100 trillion objects housed in its simple storage service. By achieving this competency, Resilience can help our AWS clients manage their cloud security through enhanced visibility and targeted recommendations designed to improve their risk posture. 

The borderless and dynamic nature of cloud risk makes it challenging to manage.  

The Flexera 2023 State of the Cloud Report cites cloud security as a top challenge for 79% of all organizations due to the inherently dynamic, borderless, and unstructured environment” of the cloud. According to Statista, these top concerns include data loss and leakage (69%), data privacy and confidentiality (66%), and accidental exposure of credentials (44%).  These challenges reflect the difficulty in managing the scale and complexity of hundreds of thousands of assets, understanding your role within the shared responsibility model of the cloud, and identifying proprietary applications and services that may not integrate with security tools. This means that common vulnerabilities, misconfigurations, and poor identity and access management controls can too easily go unnoticed and be exploited. 

Failing to address any of these items leads to security blind spots that can open the door to opportunistic attacks. 

In order to manage the risk that organizations are responsible for while maintaining vigilance around tool integration, in-depth visibility into their cloud environment is pivotal. However, this visibility is just data without vigilant monitoring and experts in the loop who can contextualize cloud risk within the organization’s unique environment.  

The challenges of managing cloud security are compounded by the lack of resources and expertise within the field. 

Currently, 80% of organizations do not have a dedicated cloud security team or lead. This means most organizations have limited resources dedicated to managing or monitoring their cloud risk. The Osterman survey “State of Cloud Security 2022,” shows the difficulty of large organizations in managing their cloud risk. The survey found that 93% of large-size organizations have only achieved low levels of cloud security maturity and that smaller organizations are 3x more likely to achieve higher maturity levels.

Source: Osterman Research State of Cloud Security Maturity 2022

Barriers to achieving higher maturity include highly manual tasks such as managing privileged access controls, tracking user activity across cloud applications, detecting cloud misconfigurations, evaluating compliance and security best practices, and establishing Just-in-Time (JIT) access to cloud infrastructure environments. With their scale and scope and a lack of cloud security experts, it is no wonder that the larger the organization, the more risks it faces. 

Cloud security maturity requires an immense level of visibility and specialization.  

Recognizing the threat of increased cloud risk to our client base of mid-sized and larger organizations, Resilience worked to achieve the AWS Cyber Insurance Competency. This specialization provides technical integrations that help Resilience customers who use AWS understand their cloud exposure and make targeted improvements to their security posture.

As partners with AWS, Resilience now has the capability to integrate our services with our customers’ cloud environment by way of AWS Security Hub. Through this integration, Resilience security experts can provide an enhanced level of visibility into our clients’ cloud security and actionable recommendations on how to improve their cloud security posture. These capabilities enable our clients to take timely actions to reduce their risk exposure and work toward higher cloud security maturity. 

Our enhanced cybersecurity visibility within our clients’ AWS infrastructure also helps clients translate their cyber risk into financially quantified recommendations through their Quantified Cyber Action Plans. This helps in prioritizing their investment in controls and risk transfer through a clear RoI analysis that takes into consideration their cloud environment. 

Expanding our capabilities to AWS’ cloud environment is a key part of Resilience’s mission to build a comprehensive and holistic cyber risk management solution. We are thrilled to partner with AWS to make this capability available to our clients. Learn more about how this partnership has helped our clients build resilience against cloud challenges. 

About the Author
Davis Hake , Co-Founder & VP of Communications

Davis Hake is the Co-Founder and Vice President of Communications and Policy at Resilience Insurance. Prior to starting at Resilience in 2016, Hake managed cybersecurity strategy for Palo Alto Networks, served on the National Security Council, The White House, and was a lead author of cybersecurity legislation in the U.S. Congress. Hake is also currently an Adjunct Professor of Cyber Risk Management at the University of California, Berkeley and a Term Member of the Council on Foreign Relations.

You might also like

Why vendor discovery matters now (and how most organizations get it wrong)

The average enterprise relies on hundreds—sometimes thousands—of third-party vendors to operate. Yet when security leaders are asked for a complete inventory of these vendors, the response is often a patchwork of spreadsheets, outdated procurement lists, and educated guesses. This vendor blindness isn’t just an operational inconvenience—it’s a critical business risk that’s becoming increasingly expensive to […]

The healthcare cybersecurity crisis that’s costing organizations millions in damages

The U.S. healthcare sector faces an unprecedented cybersecurity crisis. With 168 million healthcare records breached in 2023 and ransomware attacks surging 32% in 2024, the industry confronts threats that have evolved beyond data theft to sophisticated campaigns capable of paralyzing critical patient care infrastructure. Despite these trends, cybersecurity often receives insufficient leadership attention. A 2025 […]

Your cyber insurance policy could be a target

Organizations invest heavily in cyber insurance policies to shield their businesses from evolving threats, but many overlook a critical vulnerability: the security of the insurance policy documents themselves. While these policies are designed to protect you from cyber threats, they can become powerful weapons when they fall into the wrong hands. Over the past year, […]

A complete guide to domain spoofing

Domain spoofing is a cyberattack technique most commonly used in phishing and fraud, where criminals impersonate a legitimate organization’s domain name to deceive users. Think of it as digital identity theft at scale: Attackers make fraudulent emails or websites appear as if they originate from your trusted company domain, tricking victims into revealing sensitive data, […]

The 3 types of CISOs: How to succeed in any version – and what to do when you’re misaligned

As the CISO, are you and your organization in alignment? The CISO role has evolved dramatically over the past decade, but organizational cybersecurity programs have not always kept pace.  If you think about CISOs like software versions, version 1.0 is your first generation of CISOs, focused on structure and technical architecture. Version 2.0 moves beyond […]

The Security Squeeze

One of the most important features of the Resilience SaaS platform is our Quantified Cyber Action Plan. It supports CISOs making decisions under risk and uncertainty by providing a prioritization for which cyber controls should be implemented, based on their ROI. The power of this approach lies in the fact that it guides the most […]