Industry News & Leadership · Apr 29, 2026

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

SecurityWeek

Boards may ignore alerts, but they listen to losses: new data from Resilience links security gaps directly to financial impact.

CFOs and boards need to understand risk in financial terms, and insurance data can provide that translation. Obtaining an adequate cybersecurity budget from the board requires converting technical risk into business financial risk, an ability that security technicians do not always have. Resilience, a firm that provides insurance, risk decision support and consultancy, can assist. Through its insurance service, Resilience can directly relate financial loss to specific cybersecurity events and their likely occurrence, allowing CISOs to present technical risk as the monetary risk that CFOs and board members readily understand.

The firm’s latest analysis does this for ransomware in manufacturing, the most targeted industry sector (in 2025, 25% of cyberattacks targeted manufacturing). Since different sectors have different characteristics, the precise details do not represent industry and commerce at large, but the principles remain valid, and all sectors can benefit from them. The details in the report are drawn from the firm’s own proprietary manufacturing cyber insurance claims portfolio from March 2021 through February 2026, synthesized with data from other publicly available sources such as IBM X-Force and KELA.

The outstanding headline is that the cost of ransomware is disproportionately high: 90% of incurred loss over this period is attributable to ransomware, while only 12% of the claims relate to ransomware. Ransomware attacks are increasing across the board, but especially in manufacturing, where downtime can be catastrophic to the victim or beneficial to adversarial nation states (see the more recent Iran-linked attack on Stryker).

The value of the Resilience data to CISOs comes from mapping the security failure points in its portfolio to the ultimate cost of the security incident. Two key failures stand out. Firstly, 13% of losses stem from software vulnerability exploits, which highlights the need for improved patching cycles. While it is true that manufacturing has specific and severe patching problems, very few companies anywhere invest in adequate, rapid patching. For manufacturing, Resilience recommends, “Organizations should implement compensating controls including network isolation, virtual patching, and enhanced monitoring of vulnerable systems.”

Perhaps more surprising is that MFA misconfiguration, the number one point of failure, accounts for 26% of financial loss, double the loss attributed to exploits. (This figure dwarfs the 8% of loss incurred where MFA was absent altogether, but whatever the probable reasons for that, they are no excuse or argument against deploying properly configured MFA.) The single largest loss in the portfolio, a ransomware attack attributed to BlackCat, was directly enabled by misconfigured MFA. Resilience recommends that MFA validation be treated as a continuous process: “The priority is not just deploying MFA but auditing existing deployments to ensure enforcement across all accounts, elimination of bypass conditions, and proper configuration of conditional access policies.”

Beyond ransomware, the report highlights loss incurred through transfer fraud and email compromise, which together comprise 30% of all claims. These attacks are more frequent than ransomware, even if the loss is less severe. In both cases, the primary point of failure is phishing leading to credential compromise, which is implicit in more events than these. “Once obtained, valid credentials allow attackers to log into enterprise systems as if they were authorized users, blending into normal networks,” says Resilience. “Attackers obtain these credentials primarily through infostealer malware delivered via phishing emails — which surged 84% year-over-year in 2024 — and through credential phishing sites that mimic legitimate login pages.” The report recommends combating transfer fraud with out-of-band confirmation of payment changes and a dual authorization procedure for large transactions, together with targeted social engineering training, especially for finance and accounting teams, to counter phishing more generally.

While the Resilience analysis primarily relates to ransomware in the manufacturing sector, its recommendations will resonate across multiple attack types and industry sectors and could be used by all CISOs. “Manufacturers don’t need to reinvent the wheel in the face of a growing threat,” says Jud Dressler, head of the risk operations center (ROC) at Resilience. “Our claims data, coupled with threat intelligence from the ROC, found that auditing and validating MFA deployment, implementing procedural controls for financial transfers, investing in ransomware containment and response, and instituting other easy-to-implement practices can materially combat risk.”

The report adds, “Translating cybersecurity risk into financial language that resonates with CFOs and boards is essential for securing adequate investment. The claims data provides a concrete basis for this conversation: ransomware dominates loss, a single point of failure (MFA misconfiguration) drives the largest share of exposure, and unpatched software is a direct line to the most expensive outcomes. These findings map directly to specific control investments and insurance coverage decisions.”

Armed with such data, technical CISOs could more effectively present and argue the case for an adequate security budget.
Written by Kevin Townsend, Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security, and has had many thousands of articles published in dozens of different magazines, from The Times and the Financial Times to current and long-gone computer magazines.