Cyber Risk

Deep dives into threat landscapes, vulnerability analysis, and quantifying cyber risk for insurance and business decisions.

Agentic AI

Agentic Security: What Underwriters Need to Know in 2026

Autonomous AI agents are entering production at scale — and they bring a completely new attack surface that traditional cyber insurance questionnaires weren't designed to capture.

Michael Guiao

8 min read

An AI Agent Deleted a Startup's Production Database — Can You Insure Against That?
AI Agents · 7 min read

PocketOS lost its production database to a Cursor AI agent in 9 seconds. The incident exposes a gap in cyber insurance that most policies don't cover: AI-caused operational destruction with no external attacker.

Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting
AI Agents · 9 min read

The convergence of agentic AI and living-off-the-land attack techniques is collapsing three attacker constraints at once: cost, skill, and detectability. A deep analysis of demonstrated capabilities, real incidents, and the underwriting implications that should reshape your risk selection in 2026.

AI Risk Loading: Why Insurers Are Adding 10-15% and What It Means for Cyber Coverage
AI Risk · 4 min read

Allianz's blanket surcharge on AI-related cyber coverage is the industry's first systematic attempt to price AI risk. Here's what brokers and risk engineers need to know.

Attackers Don't Wait 24 Hours: Why Daily ASM Scans Leave You Exposed
Attack Surface Management · 6 min read

Unit 42 research shows attackers scan for new CVEs within 15 minutes of disclosure. SecurityScorecard and UpGuard scan daily. Resiliently scans hourly. Here's why the gap matters for your cyber insurance renewal — and how hourly scanning with euro-denominated risk quantification changes the underwriting conversation.

Beazley vs. Allianz: Two Approaches to AI Risk in Cyber Insurance — What Brokers Must Know in 2026
AI Risk · 4 min read

Beazley uses flat 10% AI sublimits, Allianz uses individual risk assessment with up to 30% uplift. A detailed comparison of the two dominant approaches and what DACH brokers need at renewal.

BSI Opens NIS2 Enforcement: What German Entities Must Do Before the Audit
NIS 2 · 5 min read

BSI has begun NIS2 enforcement audits. Essential entities in Germany face up to €10M fines. Here is what your audit readiness checklist looks like for 2026.

Why Your Cyber Risk Register Is Lying to You — And What to Do About It
Risk Register · 9 min read

Most cyber risk registers are compliance checklists with no connection to real threat data, real incidents, or real financial exposure. Here is how to build one that actually works for underwriting decisions.

Deepfake-Enabled BEC: The Claim Trend Underwriters Cannot Ignore
Cyber Risk · 3 min read

Business email compromise has been the most financially devastating category of cybercrime for years. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.

The €50,000 Domain That Could Bankrupt Your SMB: Why External Attack Surface Discovery Cannot Wait
Attack Surface · 5 min read

Your domain portfolio is your biggest attack surface - and most security teams have no idea what is exposed. Learn how to quantify your financial exposure in euros, not letter grades.

The $250K Ceiling: What LLMjacking Sublimits Mean for Cyber Brokers
LLMjacking · 6 min read

QBE and Beazley just set a precedent with 10% AI sublimits. A $5M cyber policy now means max $250K for LLMjacking. Here's what brokers need to know — and do — before the next renewal.

The LOTL 2.0 Detection Gap: Why Your Current Security Stack May Be Blind to the Next Generation of Attacks
Detection Gap · 8 min read

Detailed analysis of the specific detection blind spots that autonomous LOTL attacks exploit — and the behavioral analytics, identity monitoring, and architectural changes that close them. Includes a control effectiveness matrix for underwriters and risk engineers.

The Mid-Market Crosshairs: How LOTL 2.0 Eliminates the "Too Small to Target" Protection
Mid Market · 7 min read

Analysis of why mid-market organizations (€50M–€500M revenue) are the primary beneficiaries of the LOTL 2.0 shift, how attacker economics have fundamentally changed, and what this means for cyber insurance portfolio risk. Includes scenario modeling for underwriters.

Cloud Outages, AI Fraud, and Supply Chain Attacks: The New Cyber Claims Frontier
Claims · 8 min read

From the CrowdStrike outage to deepfake $25M heists, the cyber claims landscape in 2026 looks nothing like 2023. Brokers must understand five emerging claim categories reshaping coverage.

NIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coverage
NIS 2 · 9 min read

NIS2 fines range from €7M to €10M depending on entity classification. Understand essential vs important entity penalties and how compliance posture affects cyber insurance pricing.

Ransomware Attack Vectors in 2026: What Risk Managers Must Monitor
Ransomware · 7 min read

Ransomware groups have moved beyond phishing. Here are the five dominant attack vectors risk managers need to understand — and how each one changes the insurance equation.

Residual Risk Is Why Insurance Exists
Residual Risk · 6 min read

Security reduces risk. It never eliminates it. The gap between what controls can achieve and what remains is residual risk — the entire reason cyber insurance exists. And it is the most under-discussed concept in the industry.

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · 12 min read

Introducing The Resilience Stack™ — Resiliently's proprietary framework that maps the full cyber risk journey from external threats to insurance readiness, with free assessment tools at every layer.

Why SMBs Can't Afford Cyber Risk Quantification (And Why That's About to Change)
Cyber Risk Quantification · 5 min read

Safe Security costs $50k+/yr. Kovrr is enterprise-only. Axio requires dedicated risk analysts. Meanwhile, SMBs with €10M-€500M revenue are expected to quantify cyber risk for insurance submissions with none of these tools. Resiliently brings FAIR-aligned Monte Carlo simulation to SMBs at €49/month — with euro-denominated output that underwriters actually use.

The Resilience Stack™: A 5-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · 21 min read

Introducing the Resilience Stack™ — RESILIENTLY's proprietary framework for evaluating cyber risk across five layers: threat landscape, exposure surface, regulatory posture, financial impact, and insurance readiness.

The Security Rating Charade: Why Your $250,000 Tool Keeps You in the Dark
Security Ratings · 6 min read

SecurityScorecard, UpGuard, and Bitsight charge enterprises six figures for letter grades. But CISOs are discovering these ratings don't predict breach costs. Here's what's missing — and the growing movement toward financial-exposure-based risk assessment.

The Uncomfortable Truth About Cyber Risk in 2026
Cyber Risk · 4 min read

Five things I'm seeing in the threat landscape that most security leaders aren't talking about enough.

Why Existing Attack Surface Tools Are Failing Insurance Brokers
Security Ratings · 6 min read

SecurityScorecard charges $100K for vendor risk ratings that do not help brokers place coverage. Resiliently Broker Scorecard fills the gap - financial exposure estimates, underwriter-ready PDFs, and binding recommendations at EUR49/month.

Featured

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment

Resilience Stack · 12 min read

The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026

Cyber Insurance · 6 min read

Cyber Risk Quantification Tools 2026: The $50K Gap Between Free and Enterprise

Cyber Risk Quantification · 4 min read

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care

NIS 2 · 4 min read

Premium Report

2026 Cyber Risk Landscape Report

24 pages of threat analysis, claims data, and underwriting implications for European cyber insurance.
