Cyber Insurance Data Strengthens CISOs’ Case for Cybersecurity Budgets


In an era where cyber threats are escalating, Chief Financial Officers (CFOs) and board members must grasp risk in financial terms. This understanding is crucial for securing adequate cybersecurity budgets. A recent analysis by Resilience, a firm specializing in insurance and risk consultancy, sheds light on how cybersecurity risks can be translated into financial implications that resonate with corporate leaders.

The Financial Language of Cyber Risk

Translating technical cybersecurity risks into business financial risks is a challenge often faced by security professionals. Resilience’s insurance services provide a framework for connecting specific cybersecurity events to potential financial losses. This enables Chief Information Security Officers (CISOs) to articulate technical risks in a manner that CFOs and board members can readily comprehend.

The firm’s latest analysis focuses on ransomware in the manufacturing sector, which has become the most targeted industry. In 2025, it was reported that 25% of cyberattacks were aimed at manufacturing. While the report’s specifics may not apply universally across all sectors, the underlying principles are relevant to various industries.

Key Findings from the Resilience Report

The report draws from Resilience’s proprietary manufacturing cyber insurance claims portfolio, covering the period from March 2021 to February 2026. It synthesizes this data with information from publicly available sources, including IBM X-Force and KELA.

A striking revelation is that 90% of the incurred losses during this timeframe are attributable to ransomware, despite only 12% of claims being related to such attacks. Ransomware incidents are on the rise, particularly in manufacturing, where operational downtime can have catastrophic consequences. The recent attack on Stryker, linked to Iranian hackers, underscores the severity of this threat.

Identifying Vulnerabilities and Points of Failure

The Resilience data provides valuable insights for CISOs by mapping security failure points to the financial costs of incidents. Two significant vulnerabilities emerge from the analysis. First, 13% of losses are due to software vulnerability exploits, highlighting the urgent need for improved patch management practices.

The manufacturing sector faces unique challenges in patching, but the problem is not confined to it: many organizations across various industries fail to invest in rapid patching solutions. Resilience recommends implementing compensating controls such as network isolation, virtual patching, and enhanced monitoring of vulnerable systems.

More alarmingly, the report indicates that misconfigurations of Multi-Factor Authentication (MFA) account for 26% of financial losses, making it the leading point of failure. This figure is notably higher than the 8% loss attributed to the absence of MFA. The largest recorded loss in the portfolio was a ransomware attack linked to the BlackCat group, which was facilitated by misconfigured MFA.

Continuous Validation of MFA and Other Recommendations

Resilience advocates for treating MFA validation as an ongoing process. The focus should not only be on deploying MFA but also on auditing existing implementations to ensure compliance across all accounts, eliminating bypass conditions, and properly configuring conditional access policies.

Beyond ransomware, the report also highlights losses from transfer fraud and email compromise, which together account for 30% of all claims. These types of attacks are more frequent than ransomware, even if the financial impact is less severe. The primary vulnerability in these cases is phishing, which often leads to credential compromise.

Once attackers obtain valid credentials, they can infiltrate enterprise systems, masquerading as authorized users. Resilience notes that these credentials are primarily acquired through infostealer malware delivered via phishing emails, which surged by 84% year-over-year in 2024, and through credential phishing sites that mimic legitimate login pages.

To combat transfer fraud, the report recommends implementing out-of-band confirmation for payment changes and dual authorization procedures for large transactions. Additionally, targeted social engineering training for finance and accounting teams is essential to mitigate phishing risks.

Broader Implications for Cybersecurity Strategy

While the Resilience analysis primarily addresses ransomware in the manufacturing sector, its recommendations are applicable across various industries and attack vectors. Jud Dressler, head of the Risk Operations Center at Resilience, emphasizes that manufacturers do not need to reinvent their cybersecurity strategies in response to growing threats. By auditing and validating MFA deployments, implementing procedural controls for financial transfers, and investing in ransomware containment and response, organizations can significantly reduce their risk exposure.

The report underscores the importance of translating cybersecurity risks into financial language that resonates with CFOs and boards. The claims data provides a solid foundation for discussions about necessary investments in cybersecurity. The findings indicate that ransomware is a leading cause of loss, with MFA misconfigurations representing a critical point of failure and unpatched software posing a direct risk to financial outcomes. These insights can guide specific control investments and insurance coverage decisions.

Equipped with this data, CISOs can more effectively advocate for the cybersecurity budgets necessary to protect their organizations from evolving threats.

For further insights into the implications of these findings, visit SecurityWeek.
