Top Stories

Incident Tracker

LOTL 2.0 Incident Tracker: Documented Cases of AI-Augmented Living-Off-the-Land Attacks (2025–2026)

Living document tracking confirmed and suspected cases of autonomous or AI-augmented LOTL attacks in the wild. Updated as new evidence emerges. Includes attack chain analysis, tradecraft observations, and underwriting takeaways for each incident.

Michael Guiao

8 min read

The Resilience Stack™: A 5-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · 21 min read

Introducing the Resilience Stack™ — RESILIENTLY's proprietary framework for evaluating cyber risk across five layers: threat landscape, exposure surface, regulatory posture, financial impact, and insurance readiness.

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care
NIS 2 · 4 min read

The NIS2 transposition deadline has passed. With fewer than 10% of critical entities fully compliant, carriers are starting to exclude non-compliant organizations from coverage. For insurance brokers, failing to verify client NIS2 status is now a professional liability risk. Here's what you need to know.

Why Brokers Pay €49/mo Instead of $16,500/yr — The Attack Surface Management Pricing Revolution
Broker Tools · 6 min read

SecurityScorecard starts at $16,500/year. UpGuard at $21,000. Assetnote at $230,000. Yet 70% of cyber insurance submissions are placed by independent brokers who can't justify that spend. Resiliently delivers hourly scanning + euro risk quantification for €49/month. Here's how the math works — and why it changes everything for the submission process.

Attackers Don't Wait 24 Hours: Why Daily ASM Scans Leave You Exposed
Attack Surface Management · 6 min read

Unit 42 research shows attackers scan for new CVEs within 15 minutes of disclosure. SecurityScorecard and UpGuard scan daily. Resiliently scans hourly. Here's why the gap matters for your cyber insurance renewal — and how hourly scanning with euro-denominated risk quantification changes the underwriting conversation.

How to Prepare a Cyber Insurance Submission in 2026: The Complete Broker's Guide
Brokers · 8 min read

A step-by-step guide for insurance brokers preparing cyber submissions in 2026. Covers NIS2, DORA requirements, what underwriters actually check, common submission mistakes, and how the Instant Broker Scorecard cuts prep time from 3 hours to 3 seconds.

Instant Broker Scorecard (IBS): From Domain to Submission in 3 Seconds
Brokers · 4 min read

The Instant Broker Scorecard (IBS) turns any domain into an underwriter-ready risk assessment in 3 seconds — with financial exposure estimates in EUR, underwriter recommendations, and a printable PDF your carrier will actually read.

Beazley vs. Allianz: Two Approaches to AI Risk in Cyber Insurance — What Brokers Must Know in 2026
AI Risk · 4 min read

Beazley uses flat 10% AI sublimits, Allianz uses individual risk assessment with up to 30% uplift. A detailed comparison of the two dominant approaches and what DACH brokers need at renewal.

The Security Rating Charade: Why Your $250,000 Tool Keeps You in the Dark
Security Ratings · 6 min read

SecurityScorecard, UpGuard, and Bitsight charge enterprises six figures for letter grades. But CISOs are discovering these ratings don't predict breach costs. Here's what's missing — and the growing movement toward financial-exposure-based risk assessment.

An AI Agent Deleted a Startup's Production Database — Can You Insure Against That?
AI Agents · 7 min read

PocketOS lost its production database to a Cursor AI agent in 9 seconds. The incident exposes a gap in cyber insurance that most policies don't cover: AI-caused operational destruction with no external attacker.

The $250K Ceiling: What LLMjacking Sublimits Mean for Cyber Brokers
LLMjacking · 6 min read

QBE and Beazley just set a precedent with 10% AI sublimits. A $5M cyber policy now means max $250K for LLMjacking. Here's what brokers need to know — and do — before the next renewal.

Zurich's £8.1B Beazley Acquisition: What It Means for Cyber Insurance's Future
Cyber Insurance · 6 min read

Zurich Insurance just agreed to acquire Beazley for £8.1 billion — the largest cyber insurance deal in history. Here's what the acquisition means for brokers, underwriters, and the broader cyber risk market.

Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting
AI Agents · 9 min read

The convergence of agentic AI and living-off-the-land attack techniques is collapsing three attacker constraints at once: cost, skill, and detectability. A deep analysis of demonstrated capabilities, real incidents, and the underwriting implications that should reshape your risk selection in 2026.

DORA ICT Risk Management Framework: Complete Practitioner Guide for Financial Institutions and Their Insurers in 2026
DORA · 16 min read

Comprehensive guide to the Digital Operational Resilience Act (DORA) ICT risk management framework. Covers all 5 pillars, compliance requirements, underwriting implications, and the intersection with NIS2 for EU financial institutions.

How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)
NIS 2 · 12 min read

Complete guide to NIS2 audit preparation. Covers documentation requirements by Article, evidence collection, common failures, management liability, and a 30-day pre-audit checklist for in-scope EU entities.

NIS2 Austria Compliance Guide: NISG 2026 Requirements, BMI Authority and DACH Region Framework for 2026
NIS 2 · 11 min read

Complete guide to NIS2 compliance in Austria. Covers the NISG 2026 (Network and Information Systems Security Act), BMI/Bundesamt für Cybersicherheit authority, entity classification, sector requirements, CERT.at incident reporting, penalties up to €10M, and the 1 October 2026 entry into force deadline.

NIS2 Belgium Compliance Guide: CCB Requirements and CyberFundamentals Framework for 2026
NIS 2 · 12 min read

Complete guide to NIS2 compliance in Belgium. Covers the CCB enforcement framework, Law of 26 April 2024, CyberFundamentals (CyFun) compliance tracks, entity classification, sector requirements, penalties, and the 18 April 2026 deadline for essential entities.

How NIS2 Compliance Lowers Cyber Insurance Premiums: The Business Case for Security Investment
NIS 2 · 10 min read

NIS2 compliance can reduce cyber insurance premiums by 15-40%. Learn which controls insurers value most, how to document compliance for underwriters, and calculate the ROI of security investment against premium savings.

NIS2 Czech Republic Compliance Guide: Act No. 264/2025, NÚKIB Authority and Strategically Important Services for 2026
NIS 2 · 8 min read

Complete guide to NIS2 compliance in the Czech Republic. Covers Act No. 264/2025 Coll., NÚKIB authority, uniquely expanded scope with "strategically important services," entity classification, higher vs. lower obligations regimes, penalties up to CZK 250M (~€10M), and registration deadlines.

NIS2 Denmark Compliance Guide: NIS-2-loven, CFCS Authority and Danish Cybersecurity Framework for 2026
NIS 2 · 8 min read

Complete guide to NIS2 compliance in Denmark. Covers the NIS-2-loven (Bill L 141), CFCS authority under Defence Intelligence, SAMSIK registration, entity classification, sector-specific obligations, criminal enforcement model, penalties up to DKK 75M (~€10M), and key registration deadlines.

NIS2 Finland Compliance Guide: Kyberturvallisuuslaki (Act 124/2025), Traficom Authority and Kybermittari Framework for 2026
NIS 2 · 9 min read

Complete guide to NIS2 compliance in Finland. Covers the Kyberturvallisuuslaki (Cybersecurity Act 124/2025), Traficom/NCSC-FI authority, free Kybermittari self-assessment tool, entity classification with 50,000-resident municipal threshold, guidance-first enforcement, penalties up to €10M, and key registration deadlines.

NIS2 Greece Compliance Guide: ENSI Authority, Maritime & Energy Sector Requirements, and What Greek Entities Must Do in 2026
NIS 2 · 13 min read

Complete guide to NIS2 compliance in Greece. Covers the ENSI (Εθνική Αρχή Κυβερνοασφάλειας) authority, entity classification, maritime fleet obligations, island energy infrastructure, GR-CSIRT incident reporting, penalties up to €10M, and the compliance roadmap for Greek entities.

NIS2 Ireland Preparation Guide: National Cyber Security Bill, NCSC Ireland and CyFun Framework for 2026
NIS 2 · 8 min read

Complete guide to NIS2 preparation in Ireland. Covers the pending National Cyber Security Bill, NCSC Ireland authority, CyFun compliance framework adopted from Belgium, 15 Risk Management Measures, entity classification expectations, and what organizations should do now despite legislation not yet enacted.

NIS2 Netherlands Compliance Guide: NCSC-NL Requirements for Dutch Entities
NIS 2 · 11 min read

Complete guide to NIS2 compliance in the Netherlands. Covers NCSC-NL enforcement, Uitvoeringswet cybersecurityrichtlijn implementation, sector-specific requirements, deadlines, penalties, and what Dutch entities must do now.

NIS2 Portugal Compliance Guide: Decree-Law 125/2025, CNCS Authority and Four-Tier Entity Framework for 2026
NIS 2 · 8 min read

Complete guide to NIS2 compliance in Portugal. Covers Decree-Law 125/2025 (Regime Jurídico da Cibersegurança), CNCS authority, unique four-tier entity classification, mandatory cybersecurity officer appointment, 24-month delayed enforcement, penalties up to €10M, and key registration deadlines.

NIS2 Sweden Compliance Guide: Cybersäkerhetslagen SFS 2025:1506, MCF Authority and Nordic Framework for 2026
NIS 2 · 11 min read

Complete guide to NIS2 compliance in Sweden. Covers the Cybersäkerhetslagen (Cybersecurity Act SFS 2025:1506), MCF (formerly MSB) authority, CERT-SE incident reporting, entity classification, sector requirements, decentralized supervision model, penalties up to €10M, and the January 2026 entry into force.

NIS2 Compliance Cost: What European Companies Actually Spend in 2026
NIS 2 · 9 min read

Real NIS2 compliance costs broken down by company size and sector. Essential entities spend €150K-€2M+, important entities €30K-€500K. Includes cost framework, hidden expenses, ROI calculation, and free tools to estimate your budget.

BSI Opens NIS2 Enforcement: What German Entities Must Do Before the Audit
NIS 2 · 5 min read

BSI has begun NIS2 enforcement audits. Essential entities in Germany face up to €10M fines. Here is what your audit readiness checklist looks like for 2026.

Agentic Security: What Underwriters Need to Know in 2026
Agentic AI · 8 min read

Autonomous AI agents are entering production at scale — and they bring a completely new attack surface that traditional cyber insurance questionnaires weren't designed to capture.

Ransomware Claims in 2026: What the Data Tells Underwriters About Pricing Risk
Ransomware · 5 min read

Ransomware claims frequency is shifting again in 2026. Here is what the latest data patterns mean for how underwriters price cyber risk, structure deductibles, and evaluate ransomware-specific endorsements.

Deepfake-Enabled BEC: The Claim Trend Underwriters Cannot Ignore
Cyber Risk · 3 min read

Business email compromise has been the most financially devastating category of cybercrime for years. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.

Featured

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment

Resilience Stack · 12 min read

The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026

Cyber Insurance · 6 min read

Cyber Risk Quantification Tools 2026: The $50K Gap Between Free and Enterprise

Cyber Risk Quantification · 4 min read

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care

NIS 2 · 4 min read

Premium Report

2026 Cyber Risk Landscape Report

24 pages of threat analysis, claims data, and underwriting implications for European cyber insurance.