Q&A with Kyle Bryant of Resilience, on effective cyber resilient strategies

Kyle Bryant, Chief Underwriting Officer, International at Resilience, discusses why investment in cybersecurity is now more important than ever.

Why is it that the current level of cyber risk has increased?

The cyber landscape has shifted dramatically in recent years. Through the pandemic, digital transformation accelerated at an unprecedented pace as businesses worldwide adapted to new ways of digital working. This increased interconnectivity means the attack surface that is vulnerable to cyberattacks has expanded rapidly as well.

The UK Government recognised the seriousness of this rapid development and published its first National Cyber Strategy in January 2022. That was followed 11 months later with the National Cyber Advisory Board’s inaugural meeting to discuss the £2.6 billion strategy. Acknowledging the critical importance of cybersecurity across the entire economy, the strategy outlined the UK’s plans for building a more cyber resilient public sector by 2030.

Since the strategy was published last January, new threats have come to the fore. Russia’s invasion of Ukraine as well as a growing economic and energy crisis have left the security of the UK’s critical national infrastructure (CNI) in the balance. Cyberattacks have become more common in the UK since the outbreak of the Russia-Ukraine war. The UK’s energy sector was the most targeted industry for cyberattacks in 2021, comprising 24% of all cybersecurity incidents. Cyberattacks on health organisations also rose by 90% between April and June 2022, compared to January to March 2022.

Why is it important that these sectors are protected?

The implications of an attack on any aspect of the UK’s CNI would be catastrophic. With an energy supply crunch looming and many households already unable to afford heating, any attack on the country’s energy grid would be incredibly damaging, particularly during winter months. Similarly, attacks on the NHS would be disastrous for patients who require life-saving treatment. There are already precedents for this. In September, the sabotage of the Nord Stream underlined the tenuous security of energy supply in Europe. A cyberattack impacted the NHS in August 2022.

Threats can also come from third-party suppliers. When the NHS was attacked in 2022, hackers targeted its software supplier, Advanced. The attack shut down access to various services of the NHS, including primary care, treatment, personnel files, and finance systems. Following the attack, the hackers were able to extract client data, with key NHS software systems inaccessible for up to two months. With a system already under constant strain, the UK cannot afford such vulnerabilities to be compromised again.

What are effective cybersecurity strategies?

Traditional approaches to cyber risk, such as focusing only on technology solutions, are no longer sufficient. As digital transformation has advanced, so has the technology used by cyber criminals, making cyber incidents difficult to stop completely. This is why it is vital that firms take a holistic approach. They must balance their technical defences with risk transfer to protect their business. We call this approach ‘cyber resilience’.

Crucially, an effective cybersecurity strategy has to be cost-effective. Cyber resilience is about balancing security with capital allocation, helping firms make the most of their budget and resources. Cyber risk quantification modelling can help businesses quantify the effectiveness of their cyber resilience strategies. It uses analytics to evaluate a firm’s cybersecurity return on investment, as well as the value-at-risk their cyber insurance is helping buy down.

What makes Resilience’s approach different?

As cybercrime becomes more sophisticated, insurers have had to increase their demands, asking for more thorough risk assessments and creating more detailed insurance policies.

Resilience takes a different approach, by focusing on building cyber resilience in its clients by providing advanced cybersecurity visibility, actionable cyber hygiene recommendations, and accountable risk transfer. The team consists of senior underwriting professionals, ex-military and national security professionals, as well as industry leaders from global insurance and technology firms. Resilience gives clients the opportunity to consult and connect to a range of cybersecurity and insurance professionals.

What three questions should CEOs ask their Chief Risk Officers?

The first question CEOs should ask their risk team should be how they are working together to identify and quantify the main risks for the firm. Companies typically manage their insurance and cybersecurity in silos. This has to change in order to better assess, measure, and manage the complexities of cyber risks today.

Secondly, CEOs should check with their risk team what insurers can provide to support their firms’ cyber resilient strategies. What data can your risk team glean that can better inform risk management investments?

Finally, CEOs should check what their risk team is doing to build a culture of cyber safety awareness in the business. As the owners of this risk, their team can be tremendous advocates for improving employee attitudes towards cybersecurity and make entire organisations less vulnerable to targeted attacks.

Resilience is the next-generation cyber risk company that’s on a mission to help make the world cyber resilient.

Founded in 2016 by experts from across the highest tiers of the US military and intelligence communities, augmented by prominent leaders and innovators from the insurance and technology industries, the privately-held firm is rewriting the rules of how cyber risk is assessed and managed for middle to large market enterprises. Rooted in decades of experience, Resilience helps financial, risk, and information security leaders continuously improve their organisations’ cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

Resilience is proud to be backed by leading technology investment firms including General Catalyst, Lightspeed Venture Partners, Intact Ventures, Founders Fund, CRV, and Shield Capital. With headquarters in San Francisco, Resilience’s team is globally dispersed with offices in New York, Chicago, Baltimore, Toronto, and London. Resilience offers insurance coverage through its licensed and appointed insurance agency, and security services through its expert security team.
