CFOs and boards want to understand risk in financial terms. Insurance data can provide that.
Obtaining an adequate cybersecurity budget from the board requires translating technical risk into business financial risk – a capability that isn't always available to security technicians. Resilience, a firm that provides insurance, risk decision support and consultancy, can help.
Through its insurance service, Resilience can directly relate financial loss to specific cybersecurity events and their likely occurrence, allowing CISOs to present technical risk as the financial risk that CFOs and board members readily understand.
The firm's latest analysis does this for ransomware in manufacturing, which is industry's most targeted sector (in 2025, 25% of cyberattacks targeted manufacturing). Since different sectors have different characteristics, the precise details don't represent industry and commerce at large, but the principles they contain remain valid, and all sectors can benefit from them.
The details in the report are drawn from the firm's own proprietary manufacturing cyber insurance claims portfolio from March 2021 through February 2026, and synthesized with data from other publicly available sources such as IBM X-Force and KELA.
The outstanding headline is that the cost of ransomware is high: 90% of incurred loss over this period is attributable to ransomware, while only 12% of the claims relate to ransomware. Ransomware attacks are increasing across the board, but especially in manufacturing, where downtime can be catastrophic to the victim, or useful to adversarial nation states (see the recent Iran-linked attack on Stryker).
The value of the Resilience data to CISOs comes from mapping the security failure points in its portfolio to the ultimate cost of the security incident. Two key failures stand out. Firstly, 13% of losses stem from software vulnerability exploits. This highlights the need for improved patching cycles.
While it's true that manufacturing has particular and severe patching problems, very few companies anywhere invest in adequate, rapid patching. For manufacturing, Resilience recommends, “Organizations should implement compensating controls including network isolation, virtual patching, and enhanced monitoring of vulnerable systems.”
Perhaps more surprising, however, is that double the exploit loss is attributable to MFA misconfigurations – the primary point of failure – accounting for 26% of financial loss. (This figure dwarfs the loss incurred by the absence of MFA, which stands at 8%; but the likely reasons are no excuse nor argument for not installing properly configured MFA.)
The single largest loss in the portfolio, a ransomware attack attributed to BlackCat, was directly enabled by misconfigured MFA.
Resilience recommends that MFA validation should be treated as a continuous process. “The priority is not just deploying MFA but auditing existing deployments to ensure enforcement across all accounts, elimination of bypass conditions, and proper configuration of conditional access policies.”
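As an added illustration of the audit the report calls for (example code written for this article, not Resilience's tooling), the script below classifies a constructed account and policy inventory into the three states the claims data distinguishes: MFA absent, MFA present but bypassable, and MFA enforced. The inventory format, the policy and account names, and the bypass conditions checked (policy exclusions, report-only policies, legacy authentication) are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    requires_mfa: bool
    enabled: bool   # a report-only policy logs but never enforces

@dataclass
class Account:
    name: str
    mfa_registered: bool   # at least one MFA method enrolled
    policies: list = field(default_factory=list)      # policies whose scope includes this account
    excluded_from: list = field(default_factory=list) # per-policy exclusions, a common bypass
    legacy_auth_allowed: bool = False  # protocols that cannot present an MFA prompt

def classify(acct, policies):
    """Return (state, reasons) where state is 'absent', 'misconfigured' or 'enforced'."""
    if not acct.mfa_registered:
        return "absent", ["no MFA method registered"]
    reasons, enforcing = [], []
    for name in acct.policies:
        pol = policies[name]
        if name in acct.excluded_from:
            reasons.append(f"excluded from {name}")
        elif not pol.enabled:
            reasons.append(f"{name} is report-only")
        elif not pol.requires_mfa:
            reasons.append(f"{name} does not require MFA")
        else:
            enforcing.append(name)
    if acct.legacy_auth_allowed:   # a bypass even when a policy does enforce MFA
        return "misconfigured", reasons + ["legacy authentication allowed"]
    if enforcing:
        return "enforced", []
    return "misconfigured", reasons or ["no policy in scope"]

# Constructed sample inventory (hypothetical names, not real data).
POLICIES = [Policy("require-mfa-all", True, True),
            Policy("require-mfa-vpn", True, False)]
ACCOUNTS = [Account("alice", True, ["require-mfa-all"]),
            Account("svc-backup", False, ["require-mfa-all"]),
            Account("bob", True, ["require-mfa-all"], excluded_from=["require-mfa-all"]),
            Account("carol", True, ["require-mfa-vpn"]),
            Account("dave", True, ["require-mfa-all"], legacy_auth_allowed=True)]

def audit(accounts=ACCOUNTS, policies=POLICIES):
    """Map each account name to its MFA state and the bypass conditions found."""
    by_name = {p.name: p for p in policies}
    return {a.name: classify(a, by_name) for a in accounts}
```

Only "alice" comes out as enforced; the three "misconfigured" accounts each have MFA registered yet can be reached without a prompt, which is the gap the report's 26% figure describes.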
Beyond ransomware, the report highlights loss incurred by transfer fraud and email compromise, which together comprise 30% of all claims. These attacks are more frequent than ransomware, even if the loss is less severe. In both cases, the primary point of failure is phishing leading to credential compromise, which is implicit in more events than these.
“Once obtained, valid credentials allow attackers to log into enterprise systems as if they were authorized users, blending into normal networks,” says Resilience. “Attackers obtain these credentials primarily through infostealer malware delivered via phishing emails — which surged 84% year-over-year in 2024 — and through credential phishing sites that mimic legitimate login pages.”
The report recommends that transfer fraud should be combatted with out-of-band confirmation for payment changes and a dual authorization process for large transactions, in addition to targeted social engineering training, especially for finance and accounting teams, to counter phishing in general.
While the Resilience analysis primarily relates to ransomware in the manufacturing sector, its recommendations will resonate across multiple attack and industry vectors and could be used by all CISOs.
“Manufacturers don’t need to reinvent the wheel in the face of a growing threat,” says Jud Dressler, head of the risk operations center (ROC) at Resilience. “Our claims data, coupled with threat intelligence from the ROC, found that by auditing and validating MFA deployment, implementing procedural controls for financial transfers, investing in ransomware containment and response, and instituting other easy-to-implement practices can materially combat risk.”
The report adds, “Translating cybersecurity risk into financial language that resonates with CFOs and boards is essential for securing adequate investment. The claims data provides a concrete basis for this conversation: ransomware dominates loss, a single point of failure (MFA misconfiguration) drives the largest share of exposure, and unpatched software is a direct line to the most expensive outcomes. These findings map directly to specific control investments and insurance coverage decisions.”
Armed with such data, technical CISOs may more effectively present and argue the case for an adequate security budget.