The Journal

Cyber risk analysis, regulatory intelligence, and underwriting insights

The Five Toxic Powers of Agentic AI — What Underwriters Need to Know
Agentic AI · 11 min read

Agentic AI introduces five double-edged powers that create toxic risk combinations. Here's how underwriters, brokers, and CISOs should assess the threat.

Agentic Security: What Underwriters Need to Know in 2026
Agentic AI · 9 min read

Autonomous AI agents are entering production at scale — and they bring a completely new attack surface that traditional cyber insurance questionnaires weren't designed to capture.

An AI Agent Deleted a Startup's Production Database — Can You Insure Against That?
AI Agents · 7 min read

PocketOS lost its production database to a Cursor AI agent in 9 seconds. The incident exposes a gap in cyber insurance that most policies don't cover: AI-caused operational destruction with no external attacker.

Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting
AI Agents · 9 min read

The convergence of agentic AI and living-off-the-land attack techniques is collapsing three attacker constraints at once: cost, skill, and detectability. A deep analysis of demonstrated capabilities, real incidents, and the underwriting implications that should reshape your risk selection in 2026.

How AI Is Changing Cyber Risk Assessment
AI Ops · 1 min read

A look at how AI and multi-agent systems are starting to transform the way we evaluate and underwrite cyber risk.

AI in Cyber Underwriting: Attacker, Defender, and Underwriter Perspectives
AI · 7 min read

Exploring how AI transforms cyber risk from three angles: how threat actors weaponize it, how security teams deploy it, and how underwriters must adapt their approach.

The AI Insurance Split: Big Carriers Exclude, Startups Fill the Gap — What Underwriters and Brokers Need to Know
AI Insurance · 12 min read

In January 2026, Verisk's ISO Form CG 40 47 gave carriers a standardized way to exclude generative AI from commercial policies. 82% of global P&C policies now carry AI exclusions. Meanwhile, Armilla, Testudo, and Munich Re are building a $4.8B AI insurance market. Here is what the split means for underwriters, brokers, and every company deploying AI agents.

AI Risk Loading: Why Insurers Are Adding 10-15% and What It Means for Cyber Coverage
AI Risk · 4 min read

Allianz's blanket surcharge on AI-related cyber coverage is the industry's first systematic attempt to price AI risk. Here's what brokers and risk engineers need to know.

AI Voice Cloning Demands Underwriting Rethink
Threat Report · 7 min read

AI voice clones bypass MFA, compromising 1,200+ accounts. Insurers must update risk models and policy language for this blurred social...

Attackers Don't Wait 24 Hours: Why Daily ASM Scans Leave You Exposed
Attack Surface Management · 6 min read

Unit 42 research shows attackers scan for new CVEs within 15 minutes of disclosure. SecurityScorecard and UpGuard scan daily. Resiliently scans hourly. Here's why the gap matters for your cyber insurance renewal — and how hourly scanning with euro-denominated risk quantification changes the underwriting conversation.

Azure HDInsight XXE Vulnerability: Hidden Cyber Insurance Risks
Cyber Risk · 5 min read

CVE-2023-36419 exposes critical data workflows to authenticated attackers, creating coverage ambiguity for managed cloud services and significant underwriting exposure.

Backup Software Flaw CVE-2023-44208 Exposes Millions to Data Breach Risk
Cyber Risk · 6 min read

Critical Acronis vulnerability affects 10M+ users, creating systemic risk for cyber insurance underwriters assessing backup security controls.

Beazley vs. Allianz: Two Approaches to AI Risk in Cyber Insurance — What Brokers Must Know in 2026
AI Risk · 5 min read

Beazley uses flat 10% AI sublimits, Allianz uses individual risk assessment with up to 30% uplift. A detailed comparison of the two dominant approaches and what DACH brokers need at renewal.

BSI Opens NIS2 Enforcement: What German Entities Must Do Before the Audit
NIS 2 · 5 min read

BSI has begun NIS2 enforcement audits. Essential entities in Germany face up to €10M fines. Here is what your audit readiness checklist looks like for 2026.

Building in Public: Why I Started Resiliently
Building in Public · 1 min read

The story behind this site — why I'm sharing my work at the intersection of cyber risk engineering and AI automation.

Cloud Outage Loss Scenario: When Your Infrastructure Provider Goes Dark
Cloud Outage · 7 min read

A realistic loss scenario analyzing what happens when a major cloud provider outage strikes — business interruption cascades, insurance triggers, and the coverage gaps that leave policyholders exposed.

Compliance Software Flaw Exposes Orgs to Cyber Risk
Cyber Risk · 6 min read

CVE-2022-47445 in POPIA compliance software creates systemic risk for South African organizations, highlighting third-party dependency dangers for...

Confluence CVE-2023-22515: Critical Admin Access Flaw Raises Cyber Insurance Risks
Cyber Risk · 7 min read

Atlassian's critical Confluence vulnerability exposes organizations to unauthorized admin access, creating significant cyber insurance underwriting risks for unpatched enterprise instances.

Critical AI ChatBot Plugin Flaw Exposes WordPress Sites to Severe Cyber Risk
Cyber Risk · 6 min read

CVE-2023-5241 vulnerability in popular WordPress AI plugin creates denial of service risks, highlighting third-party plugin dangers for cyber insurance underwriting.

Critical Backup Vulnerability CVE-2023-44209 Exposes Policyholders to Severe Risk
Cyber Risk · 5 min read

Acronis Cyber Protect flaw allows local privilege escalation, compromising backup infrastructure relied upon by policyholders for ransomware recovery.

Critical Infrastructure Underwriting Under NIS2: Healthcare, Energy, and Transport in 2026
NIS 2 · 13 min read

A sector-by-sector guide for cyber underwriters on NIS2 critical infrastructure compliance in healthcare, energy, and transport — including specific requirements, claim trends, underwriting questions, and coverage implications.

Critical tinyfiledialogs Vulnerability CVE-2023-47104: Underwriting Risk Assessment
Cyber Risk · 6 min read

CVE-2023-47104 affects tinyfiledialogs library with CVSS 9.8 score. Underwriters must assess exposure in enterprise applications using this vulnerable...

Critical WordPress ChatBot Plugin Flaw Exposes 40K+ Sites to SQL Injection
Cyber Risk · 6 min read

Unauthenticated SQL injection vulnerability in popular WordPress plugin creates major cyber insurance exposure for CMS-dependent businesses.

Critical WordPress Plugin Flaw CVE-2023-5199 Exposes Insurers to High-Impact Claims
Cyber Risk · 6 min read

CVE-2023-5199 affects 43% of websites, enabling remote code execution with minimal privileges. This critical vulnerability significantly impacts cyber...

Critical WordPress Plugin Flaw Exposes 10,000+ Sites to Unauthenticated RCE
Cyber Risk · 6 min read

CVE-2023-4488 affects Dropbox Folder Share plugin, allowing remote code execution without authentication. High-risk vulnerability impacts cyber insurance underwriting and claims frequency for WordPress-dependent businesses.

Critical WordPress Plugin Flaw Exposes 100K+ Sites to SQL Injection Attacks
Cyber Risk · 7 min read

CVE-2023-5412 in Image horizontal reel scroll slideshow plugin creates systemic risk for cyber insurance portfolios, affecting 100K+ WordPress sites...

Critical WordPress Plugin Flaw Exposes 200K+ Sites to Unauthenticated Attacks
Cyber Risk · 5 min read

CVE-2023-4386 affects Essential Blocks plugin used by 200,000+ WordPress sites, creating systemic risk for cyber insurance portfolios due to high exposure and potential for remote code execution when chained with other vulnerabilities.

Critical WordPress Plugin Flaw Exposes E-commerce to Total Account Takeover
Cyber Risk · 5 min read

CVE-2023-3277 in MStore API plugin allows unauthenticated attackers to gain complete admin access, creating severe cyber liability exposure for...

Critical WordPress Plugin Flaw Exposes Enterprises to Cyber Risk
Cyber Risk · 6 min read

CVE-2023-5212 in AI ChatBot plugin affects 10,000+ sites, allowing file deletion with minimal privileges. High CVSS 9.6 score raises underwriting concerns for cyber insurance portfolios.

Critical WordPress Plugin Flaw Exposes Sites to Database Theft
Cyber Risk · 5 min read

CVE-2023-5431 affects popular gallery plugin used by 100k+ sites. SQL injection vulnerability could lead to customer data theft and site defacement.

Critical WordPress Plugin Flaw Exposes Sites to Severe Data Breach Risks
Cyber Risk · 6 min read

CVE-2023-5414 affects 100k+ WordPress sites, allowing admin-level attackers to access sensitive files. High risk for organizations with weak credential security.

Critical WordPress Plugin Flaw Exposes Thousands to Data Breach Risks
Cyber Risk · 8 min read

CVE-2023-37966 affects over 10,000 sites, highlighting third-party plugin risks that could trigger cyber insurance claims for data breaches and system...

CVE-2023-28777: What This Means for Cyber Insurance Underwriting
Cyber Risk · 10 min read

CVE-2023-28777 with CVSS 8.5. Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in LearnDash LearnDash

CVE-2023-4214: What This Means for Cyber Insurance Underwriting
Cyber Risk · 8 min read

CVE-2023-4214 with CVSS 8.1. The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 4.2.5.

CVE-2023-5099: What This Means for Cyber Insurance Underwriting
Cyber Risk · 7 min read

CVE-2023-5099 with CVSS 8.8. The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and incl

CVE-2023-5245: Zip Slip Threatens ML Pipelines, Insurers Take Note
Cyber Risk · 6 min read

This high-severity path traversal in TensorFlow's file extraction can lead to RCE and supply chain attacks, increasing systemic risk for policyholders...

CVE-2023-5523: Document Management RCE Vulnerability
Cyber Risk · 6 min read

Critical remote code execution flaw in M-Files Web Companion affects 4,500+ organizations, creating significant cyber insurance exposure risks.

CVE-2023-5860: WordPress Plugin Flaw Creates Cyber Insurance Exposure
Cyber Risk · 6 min read

Arbitrary file upload vulnerability in Icons Font Loader plugin increases claims frequency for cyber insurance policies covering WordPress sites.

CVE-2023-6187: What This Means for Cyber Insurance Underwriting
Cyber Risk · 8 min read

CVE-2023-6187 with CVSS 7.5. The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type valida

Denied: Why 1 in 4 Cyber Insurance Claims Gets Rejected in 2026
Claims · 9 min read

21% of cyber insurance claims were denied or partially denied in 2025, up from 15% two years ago. Here are the specific reasons — and what brokers can do to prevent it.

Cyber Claims in 2026: Fewer Claims, Bigger Losses — The Severity Paradox
Claims · 7 min read

Cyber insurance claims frequency dropped 53% in early 2025 but average severity doubled for large accounts. What the data means for underwriters pricing risk in 2026.

Your Policy Says Cyber Event — But What Risk Does That Actually Expose?
Cyber Insurance · 5 min read

Most cyber insurance policies define 'cyber event' so broadly that the term becomes meaningless for underwriting. Here is why that one definition matters more than any exclusion clause.

Cyber Insurance Buying Guide 2026: What Every Business Needs to Know
Cyber Insurance · 7 min read

A practical guide to choosing the right cyber insurance policy in 2026. Covers NIS2 compliance, key coverage areas, common exclusions, and how to get the best terms.

Cyber Insurance Claims Process: Step-by-Step Guide for Filing and Settling Claims in 2026
Cyber Insurance · 13 min read

Complete guide to the cyber insurance claims process — from incident detection to settlement. Learn notification deadlines, documentation requirements, common mistakes that delay payouts, and how to maximize your claim recovery.

Cyber Insurance Comparison: How to Evaluate and Compare Policies in 2026
Cyber Insurance Comparison · 16 min read

Learn how to compare cyber insurance policies in 2026. Coverage limits, deductibles, exclusions, endorsements, top EU providers, and a buyer's checklist. Includes NIS2 impact on policy selection.

How Much Does Cyber Insurance Cost in 2026? A Pricing Breakdown for Underwriters and Buyers
Cyber Insurance · 5 min read

Complete guide to cyber insurance pricing in 2026. Learn the key factors that determine premiums, from revenue size to security controls, with real market benchmarks for SMEs and mid-market companies.

What Does Cyber Insurance Cover in 2026? First-Party and Third-Party Coverage Explained
Cyber Insurance Coverage · 13 min read

Complete guide to cyber insurance coverage in 2026. Learn what policies actually cover: data breach response, business interruption, cyber extortion, privacy liability, regulatory defense, and more. Understand first-party vs third-party coverage.

Cyber Insurance Exclusions: What's NOT Covered in 2026
Cyber Insurance · 8 min read

Critical guide to cyber insurance exclusions and coverage gaps. Learn what most policies don't cover, from unencrypted devices to nation-state attacks, and how to protect your business from blind spots.

Cyber Insurance Policy Wording: 12 Essential Clauses Every Underwriter and Broker Must Check in 2026
Cyber Insurance · 14 min read

Practitioner guide to cyber insurance policy wording — the 12 critical clauses that determine coverage scope, exclusions, and claims outcomes. Written for underwriters, brokers, and risk managers comparing cyber policies in 2026.

Cyber Insurance Renewal Guide: How to Review, Renegotiate, and Switch Providers in 2026
Cyber Insurance · 10 min read

Everything you need to know about renewing your cyber insurance policy in 2026. Learn when to start the renewal process, how to negotiate better premiums, what coverage changes to watch for, and when switching providers makes sense.

Cyber Insurance for Small Businesses in Europe: The Complete 2026 Guide
Cyber Insurance · 8 min read

Everything small and medium businesses in the EU need to know about cyber insurance in 2026. Learn what coverage you need, how much it costs, NIS2 requirements, and how to find the right policy for your budget.

How to Prepare a Cyber Insurance Submission in 2026: The Complete Broker's Guide
Brokers · 8 min read

A step-by-step guide for insurance brokers preparing cyber submissions in 2026. Covers NIS2, DORA requirements, what underwriters actually check, common submission mistakes, and how the Instant Broker Scorecard cuts prep time from 3 hours to 3 seconds.

The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026
Cyber Insurance · 6 min read

Cyber insurance submissions are broken. With premiums up 11% and carriers demanding quantified risk data, brokers who still prepare submissions manually are losing deals. Here's what's changing in 2026.

Cyber Resilience Act vs NIS2 vs DORA: Which Regulation Applies to My Insured?
Cyber Resilience Act · 12 min read

A practical comparison of the three major EU cybersecurity regulations — CRA, NIS2, and DORA — explaining scope, timelines, requirements, and what cyber insurance underwriters need to ask clients in 2026.

Cyber Risk Quantification Tools 2026: The $50K Gap Between Free and Enterprise
Cyber Risk Quantification · 4 min read

Compare CRQ tools from SecurityScorecard ($16.5K/yr) to enterprise platforms ($50K+) and discover why SMBs need a middle ground — financial-exposure estimates starting at €9.

Why Your Cyber Risk Register Is Lying to You — And What to Do About It
Risk Register · 9 min read

Most cyber risk registers are compliance checklists with no connection to real threat data, real incidents, or real financial exposure. Here is how to build one that actually works for underwriting decisions.

CVE-2026-44109 Deep Dive: Critical Security Vulnerability Analysis and Mitigation Strategies
CVSS 10 · 6 min read

Content about deep dive cve 2026 44109

Deepfake-Enabled BEC: The Claim Trend Underwriters Cannot Ignore
Cyber Risk · 3 min read

Business email compromise has been the most financially devastating category of cybercrime for years. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.

DeepMind Mapped Every Way the Web Can Hijack Your AI Agent — Here Is What Underwriters Need to Ask
AI Agents · 20 min read

Google DeepMind researchers classified six categories of AI agent attacks — from invisible web content that hijacks perception to cascading multi-agent failures. Coverage gaps emerge at every layer. Here is the underwriting playbook.

Donation Plugin Flaw: A New Cyber Insurance Claims Trigger
Cyber Risk · 9 min read

CVE-2023-47550 in RedNao's Smart Donations plugin enables CSRF-to-XSS attacks, echoing a 2023 incident that spiked claims for nonprofits. Underwriters...

DORA ICT Risk Management Framework: What Cyber Insurance Underwriters Must Know in 2026
DORA · 23 min read

Complete practitioner guide to the DORA ICT risk management framework for cyber insurance underwriting. Covers the 5 pillars, how they affect coverage decisions, underwriting questions for financial sector clients, and compliance deadlines.

DORA ICT Risk Management Framework: Complete Practitioner Guide for Financial Institutions and Their Insurers in 2026
DORA · 16 min read

Comprehensive guide to the Digital Operational Resilience Act (DORA) ICT risk management framework. Covers all 5 pillars, compliance requirements, underwriting implications, and the intersection with NIS2 for EU financial institutions.

The €50,000 Domain That Could Bankrupt Your SMB: Why External Attack Surface Discovery Cannot Wait
Attack Surface · 5 min read

Your domain portfolio is your biggest attack surface - and most security teams have no idea what is exposed. Learn how to quantify your financial exposure in euros, not letter grades.

Fortinet Path Traversal Flaw Exposes Cyber Insurance Risks
Cyber Risk · 6 min read

CVE-2023-41682 affects FortiSandbox versions 3.0-4.4.0, creating unauthorized access risks that could trigger business interruption claims and regulatory fines for insurers.

Fortinet Sandbox Vulnerability: Hidden Cyber Risk for Insurers
Cyber Risk · 6 min read

CVE-2023-41680 affects FortiSandbox versions 3.0-4.4, creating XSS risks that weaken network defenses and increase claims frequency for cyber insurance underwriters.

Fortinet Vulnerability Exposes Cyber Insurance Blind Spots
Cyber Risk · 6 min read

CVE-2023-41680 in FortiSandbox highlights critical underwriting gaps when security tools themselves become attack vectors, amplifying organizational risk exposure.

Fortinet XSS Vulnerability Exposes Security Operations to Cyber Risk
Cyber Risk · 6 min read

CVE-2023-41843 affects FortiSandbox security appliances, potentially compromising threat intelligence and malware analysis systems. Underwriters should assess legacy version exposure.

Fortinet's Critical Vulnerability Exposes Network Security Risks with Maximum Severity Rating
Cyber Risk · 6 min read

CVE-2023-34992's unauthenticated remote code execution affects Fortinet's network security appliances, creating significant cyber insurance exposure for organizations worldwide.

FortiSandbox XSS Flaw Exposes Network Security to Cyber Risks
Cyber Risk · 5 min read

CVE-2023-41681 vulnerability in FortiSandbox creates insurance exposure for organizations relying on compromised security tools for network protection.

Forum Plugin Flaw Triggered $3.2M Ransomware Recovery
Cyber Risk · 6 min read

Unpatched Simple:Press plugin vulnerability led to massive healthcare ransomware costs, highlighting critical web app risks for insurers.

High-Risk SQL Injection Vulnerability in Paytm's Payment Gateway
Cyber Risk · 6 min read

CVE-2022-45805 exposed Paytm's payment gateway to severe data breach risks, affecting over 1 billion monthly transactions and creating significant underwriting implications for cyber insurers.

Insider Threat Loss Scenario: The Privileged Employee Who Walked Away With Everything
Insider Threat · 7 min read

A detailed loss scenario analyzing an insider threat data exfiltration event — from detection through forensic investigation, regulatory reporting, and insurance recovery. Underwriters need to understand how insider claims differ from external attacks.

Instant Broker Scorecard (IBS): From Domain to Submission in 3 Seconds
Brokers · 4 min read

The Instant Broker Scorecard (IBS) turns any domain into an underwriter-ready risk assessment in 3 seconds — with financial exposure estimates in EUR, underwriter recommendations, and a printable PDF your carrier will actually read.

Introducing The Underwriter's Edge
Newsletter · 5 min read

A new weekly newsletter for cyber underwriters, risk engineers, and brokers who want to stay ahead of threats, regulations, and emerging risks.

Jetpack CRM Vulnerability Exposes 100K+ WordPress Sites to Data Breach Risk
Cyber Risk · 5 min read

CVE-2022-3342 in Jetpack CRM plugin created material cyber insurance risk through exploitable deserialization flaw affecting 100,000+ business websites.

Linux Kernel Flaw CVE-2023-46813: Local User to Root in Virtualized Environments – Cyber Insurance Risk
Cyber Risk · 7 min read

A kernel-level local privilege escalation in AMD SEV-ES can turn a minor breach into full host compromise. Insurers must reassess virtualized environment risks.

The $250K Ceiling: What LLMjacking Sublimits Mean for Cyber Brokers
LLMjacking · 6 min read

QBE and Beazley just set a precedent with 10% AI sublimits. A $5M cyber policy now means max $250K for LLMjacking. Here's what brokers need to know — and do — before the next renewal.

The LOTL 2.0 Detection Gap: Why Your Current Security Stack May Be Blind to the Next Generation of Attacks
Detection Gap · 8 min read

Detailed analysis of the specific detection blind spots that autonomous LOTL attacks exploit — and the behavioral analytics, identity monitoring, and architectural changes that close them. Includes a control effectiveness matrix for underwriters and risk engineers.

LOTL 2.0 Incident Tracker: Documented Cases of AI-Augmented Living-Off-the-Land Attacks (2025–2026)
Incident Tracker · 8 min read

Living document tracking confirmed and suspected cases of autonomous or AI-augmented LOTL attacks in the wild. Updated as new evidence emerges. Includes attack chain analysis, tradecraft observations, and underwriting takeaways for each incident.

The Mid-Market Crosshairs: How LOTL 2.0 Eliminates the "Too Small to Target" Protection
Mid Market · 7 min read

Analysis of why mid-market organizations (€50M–€500M revenue) are the primary beneficiaries of the LOTL 2.0 shift, how attacker economics have fundamentally changed, and what this means for cyber insurance portfolio risk. Includes scenario modeling for underwriters.

The LOTL 2.0 Underwriting Playbook: Risk Selection Criteria When the Attacker Is an Algorithm
Underwriting · 8 min read

Practical underwriting framework for assessing cyber risk in the era of autonomous LOTL attacks. Includes revised risk scoring matrices, control weight adjustments, and application question updates for underwriters.

M-Files Vulnerability CVE-2023-2325: Cyber Insurance Risk Assessment
Cyber Risk · 6 min read

Stored XSS vulnerability in M-Files Classic Web poses significant underwriting risks for cyber insurance professionals evaluating client security posture and claims exposure.

Cloud Outages, AI Fraud, and Supply Chain Attacks: The New Cyber Claims Frontier
Claims · 9 min read

From the CrowdStrike outage to deepfake $25M heists, the cyber claims landscape in 2026 looks nothing like 2023. Brokers must understand five emerging claim categories reshaping coverage.

New Phishing List Bypasses All Filters: What Insurers Must Know
Threat Report · 8 min read

A phishing campaign evaded major email filters, compromising 12,000+ mailboxes. For insurers, this signals increased loss frequency and severity,...

NIS2 Intelligence Digest — BSI Enforcement Activated, Penalty Calculators Updated
NIS 2 · 4 min read

Weekly intelligence on NIS2 enforcement, supervisory activity, and cyber insurance market developments across the EU.

Niche Plugin Vulnerability Exposes Broader Cyber Risk
Cyber Risk · 6 min read

CVE-2023-46626 in FLOWFACT WP Connector shows how specialized third-party plugins can create significant insurance exposure beyond their niche markets.

The NIS2 + AI Coverage Gap: When Your Cyber Policy Won't Cover the Incident NIS2 Requires You to Report
NIS 2 · 9 min read

NIS2 mandates AI incident reporting for hundreds of thousands of EU entities. But most cyber insurance policies contain silent AI exclusions, sublimits, or ambiguity that leave insureds paying for AI incident response out of pocket — even though NIS2 required them to report the incident in the first place.

NIS2 Article 21 Technical Measures: The Complete Security Requirements Breakdown for 2026
NIS 2 · · 11 min read

NIS2 Article 21 defines 10 mandatory security measures every essential and important entity must implement. Complete breakdown of each requirement with implementation guidance, audit evidence expectations, and compliance timeline.

The NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026
NIS 2 · · 10 min read

With the June 30, 2026 NIS2 compliance audit deadline approaching, cyber underwriters face a narrow window to reassess risk profiles across their entire European portfolio. Here is what the audit requirement means for how you evaluate, price, and write cyber coverage.

How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)
NIS 2 · · 12 min read

Complete guide to NIS2 audit preparation. Covers documentation requirements by Article, evidence collection, common failures, management liability, and a 30-day pre-audit checklist for in-scope EU entities.

NIS2 Austria Compliance Guide: NISG 2026 Requirements, BMI Authority and DACH Region Framework for 2026
NIS 2 · · 11 min read

Complete guide to NIS2 compliance in Austria. Covers the NISG 2026 (Network and Information Systems Security Act), BMI/Bundesamt für Cybersicherheit authority, entity classification, sector requirements, CERT.at incident reporting, penalties up to €10M, and the 1 October 2026 entry into force deadline.

NIS2 Belgium Compliance Guide: CCB Requirements and CyberFundamentals Framework for 2026
NIS 2 · · 12 min read

Complete guide to NIS2 compliance in Belgium. Covers the CCB enforcement framework, Law of 26 April 2024, CyberFundamentals (CyFun) compliance tracks, entity classification, sector requirements, penalties, and the 18 April 2026 deadline for essential entities.

NIS2 Board Liability: Personal Fines, Bans, and What Management Must Know in 2026
NIS 2 · · 8 min read

NIS2 Article 20 holds management bodies personally liable for cybersecurity failures. This guide explains personal fines, temporary bans, and the 7 steps boards must take to protect themselves in 2026.

NIS2 Bulgaria Compliance Guide: Cybersecurity Act Amendments and DAEU Requirements for 2026
NIS 2 · · 13 min read

Complete guide to NIS2 compliance in Bulgaria — covering the amended Cybersecurity Act (Закон за киберсигурността), DAEU enforcement, National CSIRT bg incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Bulgarian entities.

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care
NIS 2 · · 4 min read

The NIS2 transposition deadline has passed. With fewer than 10% of critical entities fully compliant, carriers are starting to exclude non-compliant organizations from coverage. For insurance brokers, failing to verify client NIS2 status is now a professional liability risk. Here's what you need to know.

NIS2 Compliance Checklist 2026: Complete Guide for the 2026 Deadline
NIS 2 · · 8 min read

Complete NIS2 compliance checklist with 70+ action items covering risk management, incident reporting, supply chain security, and governance. Essential preparation for EU enforcement.

NIS2 Compliance Checklist for 2026: What Brokers Need to Verify Before Coverage Placement
NIS 2 · · 6 min read

Before placing cyber coverage for NIS2 in-scope clients, verify these 10 compliance checkpoints. Missing documentation is the most common coverage gap.

NIS2 Compliance Checklist 2026: Complete Guide for Insurance Professionals
NIS2 Compliance Checklist · · 18 min read

Complete NIS2 compliance checklist with requirements, deadlines, and implementation steps. Get your organization compliant with our expert guide.

NIS2 Compliance Cost: What European Companies Actually Spend in 2026
NIS 2 · · 9 min read

Real NIS2 compliance costs broken down by company size and sector. Essential entities spend €150K-€2M+, important entities €30K-€500K. Includes cost framework, hidden expenses, ROI calculation, and free tools to estimate your budget.

What is NIS2 Compliance? A Complete Guide for 2026
NIS 2 · · 17 min read

Master NIS2 compliance in 2026. Understand the EU cybersecurity directive, who it affects, key requirements, penalties, and how to prepare before enforcement.

NIS2 Compliance for IT Managers: The Action Plan That Actually Works in 2026
NIS 2 · · 9 min read

Step-by-step NIS2 compliance action plan for IT managers and CISOs. Practical implementation guide covering risk management, incident reporting, security governance, supply chain security, and business continuity — with free tools and templates.

How NIS2 Compliance Lowers Cyber Insurance Premiums: The Business Case for Security Investment
NIS 2 · · 10 min read

NIS2 compliance can reduce cyber insurance premiums by 15-40%. Learn which controls insurers value most, how to document compliance for underwriters, and calculate the ROI of security investment against premium savings.

NIS2 Compliance Requirements: 10 Mandatory Security Controls Before the 2026 Deadline
NIS2 Compliance Requirements · · 13 min read

Master NIS2 compliance with our guide to the 10 mandatory security requirements. Learn what to implement, when deadlines hit, and how to avoid penalties up to €10 million or 2% of global turnover.

NIS2 Croatia Compliance Guide: Cybersecurity Act (Zakon o kibernetičkoj sigurnosti) and AZOP Requirements for 2026
NIS 2 · · 15 min read

Complete guide to NIS2 compliance in Croatia — covering the Cybersecurity Act (Zakon o kibernetičkoj sigurnosti), UVNS/NCSC-HR enforcement, CERT.hr incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Croatian entities.

NIS2 Cyprus Compliance Guide: Security of Networks and Information Systems Law and DSA Requirements for 2026
NIS 2 · · 16 min read

Complete guide to NIS2 compliance in Cyprus — covering the Security of Networks and Information Systems Law (N.89(I)/2020 as amended by N.60(I)/2025), Digital Security Authority (DSA) enforcement, CSIRT-CY incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Cypriot entities.

NIS2 Czech Republic Compliance Guide: Act No. 264/2025, NÚKIB Authority and Strategically Important Services for 2026
NIS 2 · · 8 min read

Complete guide to NIS2 compliance in the Czech Republic. Covers Act No. 264/2025 Coll., NÚKIB authority, uniquely expanded scope with "strategically important services," entity classification, higher vs. lower obligations regimes, penalties up to CZK 250M (~€10M), and registration deadlines.

NIS2 Denmark Compliance Guide: NIS-2-loven, CFCS Authority and Danish Cybersecurity Framework for 2026
NIS 2 · · 8 min read

Complete guide to NIS2 compliance in Denmark. Covers the NIS-2-loven (Bill L 141), CFCS authority under Defence Intelligence, SAMSIK registration, entity classification, sector-specific obligations, criminal enforcement model, penalties up to DKK 75M (~€10M), and key registration deadlines.

NIS2 Directive: The Complete Compliance Guide for 2026
NIS 2 · · 9 min read

Everything you need to know about NIS2 compliance in 2026: which sectors are affected, key requirements, deadlines, and how to prepare your organization for the EU cybersecurity directive.

NIS2 and DORA: What Cyber Underwriters Need to Know
Cyber Risk · · 2 min read

A practical breakdown of how the NIS2 Directive and DORA regulation affect cyber insurance underwriting in Europe.

NIS2 Penalties Explained: Essential vs Important Entities for 2026
NIS 2 · · 5 min read

Understand the critical difference between NIS2 essential and important entities. Classification criteria, compliance requirements, penalty differences, and what it means for your cyber insurance.

NIS2 Estonia Compliance Guide: Cybersecurity Act Amendments and RIA Requirements for 2026
NIS 2 · · 13 min read

Complete guide to NIS2 compliance in Estonia — covering the amended Cybersecurity Act (Küberturvalisuse seadus), RIA enforcement, CERT-EE incident reporting, entity classification, sector requirements, penalties, phased implementation timeline, and cyber insurance implications for Estonian entities.

NIS2 Finland Compliance Guide: Kyberturvallisuuslaki (Act 124/2025), Traficom Authority and Kybermittari Framework for 2026
NIS 2 · · 9 min read

Complete guide to NIS2 compliance in Finland. Covers the Kyberturvallisuuslaki (Cybersecurity Act 124/2025), Traficom/NCSC-FI authority, free Kybermittari self-assessment tool, entity classification with 50,000-resident municipal threshold, guidance-first enforcement, penalties up to €10M, and key registration deadlines.

NIS2 France: ANSSI Compliance Requirements, Enforcement Timeline, and What French Entities Must Do in 2026
NIS 2 · · 11 min read

ANSSI is enforcing NIS2 across France with formal notice procedures and audits. Essential entities face €10M fines. Complete guide to French NIS2 transposition, ANSSI audit expectations, and compliance steps for OSE and OSI entities.

How to Conduct a NIS2 Gap Analysis: Step-by-Step Readiness Assessment for 2026
NIS 2 · · 12 min read

Complete NIS2 gap analysis methodology with step-by-step instructions, free checklist template, and readiness scoring framework. Identify compliance gaps across all 10 Article 21 measures, incident reporting, governance, and supply chain security before your national authority does.

NIS2 Greece Compliance Guide: ENSI Authority, Maritime & Energy Sector Requirements, and What Greek Entities Must Do in 2026
NIS 2 · · 13 min read

Complete guide to NIS2 compliance in Greece. Covers the ENSI (Εθνική Αρχή Κυβερνοασφάλειας) authority, entity classification, maritime fleet obligations, island energy infrastructure, GR-CSIRT incident reporting, penalties up to €10M, and the compliance roadmap for Greek entities.

NIS2 Hungary Multi-Authority Enforcement Guide: NBI Sectoral Oversight, NKH Coordination, and Cross-Authority Compliance for 2026
NIS 2 · · 18 min read

Comprehensive guide to Hungary's multi-authority NIS2 enforcement model — covering NBI (National Security Authority) sectoral oversight for defence and security, NKH health sector coordination, cross-authority cooperation with SZTFH, interagency information-sharing frameworks, entity obligations across multiple regulators, and cyber insurance implications for Hungarian entities navigating the cooperative supervisory regime.

NIS2 Hungary Compliance Guide: Act LXIX of 2024, SZTFH Enforcement, and NKI Requirements for 2026
NIS 2 · · 15 min read

Complete guide to NIS2 compliance in Hungary — covering Act LXIX of 2024 on the Cybersecurity of Hungary, SZTFH enforcement, NKI incident reporting, entity classification, mandatory audit system, NIST-based risk classification, penalties, implementation timeline, and cyber insurance implications for Hungarian entities.

NIS2 Incident Reporting: 24-Hour, 72-Hour, and 1-Month Requirements Explained
NIS2 Incident Reporting · · 18 min read

Complete guide to NIS2 incident reporting timelines, requirements, and procedures. Learn what must be reported, when, and to whom under the EU cybersecurity directive.

NIS2 Ireland Preparation Guide: National Cyber Security Bill, NCSC Ireland and CyFun Framework for 2026
NIS 2 · · 8 min read

Complete guide to NIS2 preparation in Ireland. Covers the pending National Cyber Security Bill, NCSC Ireland authority, CyFun compliance framework adopted from Belgium, 15 Risk Management Measures, entity classification expectations, and what organizations should do now despite legislation not yet enacted.

NIS2 Italy: ACN Compliance Requirements, Enforcement Timeline, and What Italian Entities Must Do in 2026
NIS 2 · · 12 min read

Italy's Agenzia per la Cybersicurezza Nazionale (ACN) is enforcing NIS2 with surprise audits, dual-authority supervision, and personal liability for management. Essential entities face €10M fines. Complete guide to Italian NIS2 transposition, ACN registration, and compliance steps for Decree 138/2024.

NIS2 Malta Compliance Guide: MITA Competent Authority, NIS2 Implementing Regulations, and CSIRT-MT Incident Reporting for 2026
NIS 2 · · 18 min read

Complete guide to NIS2 compliance in Malta — covering the NIS2 Implementing Regulations 2025 under the Malta Digital Innovation Authority Act, MITA as the competent authority and SPOC, CSIRT-MT incident reporting, entity classification tailored to Malta's small market, sector requirements, penalties, implementation timeline, and cyber insurance implications for Maltese entities.

NIS2 Netherlands Compliance Guide: NCSC-NL Requirements for Dutch Entities
NIS 2 · · 11 min read

Complete guide to NIS2 compliance in the Netherlands. Covers NCSC-NL enforcement, Uitvoeringswet cybersecurityrichtlijn implementation, sector-specific requirements, deadlines, penalties, and what Dutch entities must do now.

NIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coverage
NIS 2 · · 9 min read

NIS2 fines range from €7M to €10M depending on entity classification. Understand essential vs important entity penalties and how compliance posture affects cyber insurance pricing.

NIS2 Penalties & Fines Explained: What Organizations Actually Face in 2026
NIS2 Penalties · · 6 min read

NIS2 fines can reach €10 million or 2% of global annual turnover—whichever is higher. This breakdown explains exactly which penalties apply to essential vs important entities, what triggers enforcement, and how underwriters should factor penalty exposure into cyber risk assessment.

NIS2 Poland Compliance Guide: Ustawa o Cyberbezpieczeństwie and NCSA Requirements for 2026
NIS 2 · · 13 min read

Complete guide to NIS2 compliance in Poland — covering the amended Cybersecurity Act (Ustawa o cyberbezpieczeństwie), NCSA enforcement, entity classification under Polish law, sector requirements, penalties, and implementation timeline for Polish entities.

NIS2 Portugal Compliance Guide: Decree-Law 125/2025, CNCS Authority and Four-Tier Entity Framework for 2026
NIS 2 · · 8 min read

Complete guide to NIS2 compliance in Portugal. Covers Decree-Law 125/2025 (Regime Jurídico da Cibersegurança), CNCS authority, unique four-tier entity classification, mandatory cybersecurity officer appointment, 24-month delayed enforcement, penalties up to €10M, and key registration deadlines.

NIS2 Ransomware Reporting Requirements: What Incident Response Teams Must Know
Ransomware · · 7 min read

Under NIS2, ransomware incidents trigger mandatory reporting obligations with tight deadlines and personal liability for management. Here is the compliance playbook incident response teams need.

NIS2 Romania Compliance Guide: Romanian Cybersecurity Law and ANSI Requirements for 2026
NIS 2 · · 11 min read

Complete guide to NIS2 compliance in Romania — covering the amended Cybersecurity Law (Legea 361/2018), ANSI enforcement, STS coordination, entity classification, sector requirements, penalties, and implementation timeline for Romanian entities.

NIS2 Slovakia Compliance Guide: Act on Cybersecurity Amendment, NBU Enforcement, and SK-CERT Incident Reporting for 2026
NIS 2 · · 20 min read

Complete guide to NIS2 compliance in Slovakia — covering the amended Act on Cybersecurity (Zákon o kybernetickej bezpečnosti), NBU (National Security Authority) enforcement as the competent authority and SPOC, SK-CERT incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovak entities.

NIS2 Slovenia Compliance Guide: Cybersecurity Act (ZKV-1), URSIV Enforcement, and SI-CERT Incident Reporting for 2026
NIS 2 · · 18 min read

Complete guide to NIS2 compliance in Slovenia — covering the Cybersecurity Act (Zakon o kibernetski varnosti / ZKV-1), URSIV enforcement as the national competent authority, SI-CERT incident reporting operated by ARNES, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovenian entities.

NIS2 Spain: INCIBE Compliance Requirements, Enforcement Timeline, and What Spanish Entities Must Do in 2026
NIS 2 · · 13 min read

INCIBE and CCN are enforcing NIS2 across Spain with sector-specific audits and registration mandates. Essential entities face €10M fines. Complete guide to Spanish NIS2 transposition, INCIBE oversight, and compliance steps for operators.

NIS2 Supply Chain Security Requirements: Third-Party Risk Management Guide for 2026
NIS 2 · · 10 min read

NIS2 Article 21 mandates supply chain security for all essential and important entities. Complete guide to third-party risk assessments, vendor security clauses, supply chain vulnerability monitoring, and compliance evidence — with free checklist and implementation templates.

NIS2 Sweden Compliance Guide: Cybersäkerhetslagen SFS 2025:1506, MCF Authority and Nordic Framework for 2026
NIS 2 · · 11 min read

Complete guide to NIS2 compliance in Sweden. Covers the Cybersäkerhetslagen (Cybersecurity Act SFS 2025:1506), MCF (formerly MSB) authority, CERT-SE incident reporting, entity classification, sector requirements, decentralized supervision model, penalties up to €10M, and the January 2026 entry into force.

NIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Ask
NIS 2 · · 16 min read

Practical Line 1, Line 2, and Line 3 underwriting questions for NIS2-exposed clients. Essential vs important entities. Coverage gaps brokers should flag.

OpenClaw CVE-2026-43575: Critical Authentication Bypass Risks for Cyber Insurers
Cve 2026 43575 · · 7 min read

CVE-2026-43575 exposes OpenClaw sandbox users to credential theft. Learn how this 9.8 CVSS flaw impacts cyber insurance underwriting and claims.

OpenClaw CVE-2026-44109: A Cyber Insurance Risk Signal
UNKNOWN · · 8 min read

OpenClaw flaw (CVSS 9.8) enabled ransomware on a logistics firm, signaling a key claims driver for insurers: middleware authentication bypass. Underwriters must address configuration gaps.

OpenClaw Vulnerability: Webhook Security as Systemic Risk for Insurers
Cyber Risk · · 7 min read

A critical OpenClaw flaw (CVSS 9.8) exposes systemic risk in webhook misconfigurations, demanding stricter underwriting scrutiny and policy adjustments.

Payment Plugin Flaw Puts E-commerce Data at Risk
Cyber Risk · · 6 min read

CVE-2023-5132 exposes 10,000+ sites to data theft, highlighting third-party plugin risks for cyber insurance underwriting and coverage exposure.

Perfect 10.0 CVSS Score Vulnerability Exposes Critical Insurance Risk Gaps
Cyber Risk · · 6 min read

CVE-2023-34976 in Synology Video Station reveals how critical vulnerabilities can create unexpected pathways for cyber attacks, impacting insurance underwriting and risk assessment.

Phishing Filters Bypass Security: $45M Healthcare Breach Wake-Up Call
Threat Report · · 9 min read

A coordinated phishing campaign using malware filters evaded email security, causing $45M in losses. Insurers must reassess underwriting for advanced...

Power BI Phishing: How Trusted Platforms Fuel Credential Theft & Insurance Risks
Threat Report · · 7 min read

How the Power BI phishing campaign exploits SharePoint trust to steal credentials, reshaping cyber insurance underwriting and claims frequency.

Power BI Phishing: How Trusted Platforms Fuel Cyber Insurance Claims
Threat Report · · 6 min read

Phishing campaign uses SharePoint and Power BI to steal credentials across 1,800+ firms. How this drives up claims frequency and severity for cyber insurers.

Pricing Blind: When You Can't See the Risk You're Insuring
Underwriting · · 5 min read

Cyber underwriters are pricing policies based on questionnaires and self-reported data while the real attack surface stays hidden. Here is what you are missing and how to fix it.

Ransomware Attack Vectors in 2026: What Risk Managers Must Monitor
Ransomware · · 7 min read

Ransomware groups have moved beyond phishing. Here are the five dominant attack vectors risk managers need to understand — and how each one changes the insurance equation.

Ransomware Claims in 2026: What the Data Tells Underwriters About Pricing Risk
Ransomware · · 5 min read

Ransomware claims frequency is shifting again in 2026. Here is what the latest data patterns mean for how underwriters price cyber risk, structure deductibles, and evaluate ransomware-specific endorsements.

Ransomware and Cyber Insurance: What Policies Actually Cover in 2026
Ransomware · · 6 min read

Cyber insurance policies are being rewritten in real-time as ransomware losses reshape the market. Here is what is covered, what is excluded, and what underwriters are demanding before they write the risk.

Ransomware Underwriting Models in 2026: From Flat Premiums to Dynamic Risk Pricing
Ransomware · · 6 min read

Cyber underwriters still using flat ransomware pricing are leaving money on the table. Here is how leading insurers are building dynamic pricing models using threat intelligence, sector exposure, and real-time data.

Reflected XSS in WordPress Plugin: An Underwriting Signal for Cyber Insurers
Cyber Risk · · 8 min read

CVE-2023-47517 in SendPress Newsletters highlights how unpatched XSS flaws correlate with claims frequency, serving as a critical underwriting signal...

Reflected XSS in WordPress Themes: A Hidden Risk for Cyber Insurers
Cyber Risk · · 7 min read

CVE-2023-28621 (CVSS 7.1) in Raise Mag/Wishful Blog themes drives claims frequency via business interruption, data exposure, and regulatory liability....

Residual Risk Is Why Insurance Exists
Residual Risk · · 6 min read

Security reduces risk. It never eliminates it. The gap between what controls can achieve and what remains is residual risk — the entire reason cyber insurance exists. And it is the most under-discussed concept in the industry.

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · · 12 min read

Introducing The Resilience Stack™ — Resiliently's proprietary framework that maps the full cyber risk journey from external threats to insurance readiness, with free assessment tools at every layer.

Why Security Ratings Don't Work for Cyber Insurance Underwriting (And What Does)
Security Ratings · · 5 min read

BitSight, SecurityScorecard, and UpGuard give you an A-F score. But underwriters need financial exposure in EUR. Here's why passive security ratings fail underwriting decisions and what Resiliently's financial exposure approach does differently.

SideWinder APT Targets Maritime & Nuclear: New Risks for Cyber Insurers
Threat Report · · 6 min read

State-sponsored SideWinder campaign hits ports and nuclear facilities, converging business interruption and physical damage risks—creating coverage gray zones for insurers.

SimpleHelp Exploit: How RMM Vulnerabilities Trigger Cyber Insurance Claims
Threat Report · · 7 min read

SimpleHelp RMM flaws enable Sliver C2 attacks and ransomware. For cyber insurers, this shows RMM as a single point of failure with cascading claims risk.

Slimstat Analytics SQL Injection: A Hidden Risk for Cyber Insurers
Cyber Risk · · 5 min read

CVE-2023-4598 affects over 300k WordPress sites, creating significant exposure for insurers despite requiring authentication.

Why SMBs Can't Afford Cyber Risk Quantification (And Why That's About to Change)
Cyber Risk Quantification · · 5 min read

Safe Security costs $50k+/yr. Kovrr is enterprise-only. Axio requires dedicated risk analysts. Meanwhile, SMBs with €10M-€500M revenue are expected to quantify cyber risk for insurance submissions with none of these tools. Resiliently brings FAIR-aligned Monte Carlo simulation to SMBs starting at €199/month — with euro-denominated output that underwriters actually use.

SmokeLoader Campaign: Open Directory Risks for Insurers
Threat Report · · 7 min read

SmokeLoader's use of open directories in Ukraine highlights a universal risk: basic security gaps continue to drive cyber insurance claims frequency...

SQL Injection Flaw in WP Project Manager Exposes 30K+ Sites to Unauthenticated Attacks
Cyber Risk · · 9 min read

CVE-2023-34383 creates significant cyber insurance risk through unauthenticated database access, highlighting CMS plugin vulnerabilities that...

Stored XSS in Atarim Plugin: A High-Severity Risk for Cyber Insurers
Cyber Risk · · 9 min read

Unauthenticated stored XSS (CVSS 7.1) in Atarim plugin exposes insureds to data breaches and malware. Underwriters must assess patch management and...

Supply Chain Attack Loss Scenario: What Happens When Your Vendor Gets Compromised
Supply Chain · · 7 min read

A detailed walkthrough of a realistic supply chain cyber attack loss scenario — from initial compromise through business interruption, third-party claims, and insurance recovery. Essential reading for underwriters pricing vendor-dependent risks.

TensorFlow Zip Slip Vulnerability: A New Cyber Insurance Risk Vector
Cyber Risk · · 6 min read

CVE-2023-5245 in TensorFlow's model loading enables arbitrary file write, increasing data breach and ransomware risks. Underwriters must assess ML...

The Resilience Stack™: A 5-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · · 21 min read

Introducing the Resilience Stack™ — RESILIENTLY's proprietary framework for evaluating cyber risk across five layers: threat landscape, exposure surface, regulatory posture, financial impact, and insurance readiness.

The Security Rating Charade: Why Your $250,000 Tool Keeps You in the Dark
Security Ratings · 6 min read

SecurityScorecard, UpGuard, and Bitsight charge enterprises six figures for letter grades. But CISOs are discovering these ratings don't predict breach costs. Here's what's missing — and the growing movement toward financial-exposure-based risk assessment.

The SQL Injection That Exposed E-Commerce Underwriting Blind Spots
Cyber Risk · 7 min read

Cyber insurers face underwriting blind spots from third-party plugin risks, as highlighted by CVE-2023-40923 SQL injection affecting 12,000+ e-commerce...

Thousands of WordPress Sites at Risk from Critical Plugin Vulnerability
Cyber Risk · 6 min read

CVE-2023-5428 exposes 15,000+ sites to SQL injection attacks, highlighting web application risks that drive cyber insurance claims and underwriting...

Akira Ransomware Exploits Webcams: New Attack Vector for Threat Actors
Cyber Risk · 10 min read

Akira ransomware exploits webcams to bypass EDR. Learn how this new attack vector impacts cyber insurance risk assessment for brokers and CISOs.

Trusted Platform Phishing: Cyber Insurance Risks from SharePoint & Power BI Attacks
Threat Report · 8 min read

New phishing campaign exploits Microsoft SharePoint and Power BI to bypass security. For underwriters, this shifts risk modeling and requires coverage updates.

The Uncomfortable Truth About Cyber Risk in 2026
Cyber Risk · 4 min read

Five things I'm seeing in the threat landscape that most security leaders aren't talking about enough.

Unpatched WordPress Plugins Create Major Cyber Risk Exposure
Cyber Risk · 6 min read

SQL injection vulnerability in WD WidgetTwitter plugin affects 100k+ sites, highlighting critical underwriting risks for cyber insurance policies...

Weekly Threat Digest: Week 19, 2026
Threat Intel · 5 min read

Week 19 threat digest: 179 threats tracked, 24 critical, 142 high severity. Analysis for cyber insurance professionals.

Weekly Threat Digest: Week 20, 2026
Threat Intel · 7 min read

Week 20 threat digest: 197 threats tracked, 29 critical, 155 high severity. Cyber risk analysis with security audit signals for cyber insurance risk assessment professionals.

What Eclipse Ditto Security Gaps Mean for Your Cyber Policy
NIS 2 · 14 min read

OpenHack whitebox review of Eclipse Ditto reveals digital twin authentication bypass, policy injection, and WebSocket exposure patterns that increase OT and manufacturing cyber insurance claims risk.

What HashiCorp Vault Security Gaps Mean for Your Cyber Policy
NIS 2 · 15 min read

OpenHack whitebox review of HashiCorp Vault reveals seal bypass risks, token leakage patterns, and storage backend misconfigurations that undermine the foundation of secret management assurance for cyber insurance.

What Keycloak Security Gaps Mean for Your Cyber Policy
NIS 2 · 14 min read

OpenHack whitebox review of Keycloak reveals authentication bypass, session fixation, and RBAC misconfiguration patterns that directly impact identity-related cyber insurance claims.

What OpenZeppelin Contracts Security Gaps Mean for Your Cyber Policy
NIS 2 · 14 min read

OpenHack whitebox review of OpenZeppelin Contracts reveals reentrancy patterns, access control gaps, and gas griefing vectors that underwriters must factor into DeFi and smart contract risk pricing.

What Strimzi Security Gaps Mean for Your Cyber Policy
NIS 2 · 14 min read

OpenHack whitebox review of Strimzi Kafka Operator reveals privilege escalation in K8s RBAC, unsafe deserialization, and certificate management gaps that impact OT and manufacturing cyber insurance.

Why Existing Attack Surface Tools Are Failing Insurance Brokers
Security Ratings · 6 min read

SecurityScorecard charges $100K for vendor risk ratings that do not help brokers place coverage. Resiliently Broker Scorecard fills the gap: financial exposure estimates, underwriter-ready PDFs, and binding recommendations starting at €199/month.

Why Brokers Pay €199/mo Instead of $16,500/yr — The Attack Surface Management Pricing Revolution
Broker Tools · 6 min read

SecurityScorecard starts at $16,500/year. UpGuard at $21,000. Assetnote at $230,000. Yet 70% of cyber insurance submissions are placed by independent brokers who can't justify that spend. Resiliently delivers hourly scanning + euro risk quantification for €199/month. Here's how the math works — and why it changes everything for the submission process.

Windows CLFS Vulnerability: An Underwriting Signal for Cyber Insurers
Cyber Risk · 8 min read

CVE-2023-36424 is a privilege escalation flaw that turns low-severity incidents into high-severity claims. Learn why cyber insurers must watch this...

WooCommerce Plugin XSS Flaw: A Cyber Insurance Underwriting Concern
Cyber Risk · 8 min read

Unauthenticated XSS in the Gravity Master plugin for WooCommerce, the platform behind roughly 28% of online stores. Cyber insurers should evaluate plugin dependency risk and incident response...

WordPress Brizy Plugin Flaw Exposes Thousands to Admin Takeover
Cyber Risk · 6 min read

CVE-2020-36714 authorization bypass in popular WordPress plugin creates third-party risk leading to first-party losses and increased cyber insurance claims.

WordPress Plugin CVE-2023-5843: Critical RCE Risk for Insurers
Cyber Risk · 6 min read

Unauthenticated remote code execution vulnerability in popular WordPress plugin poses severe cyber insurance portfolio risk.

WordPress Plugin Flaw CVE-2022-4290 Exposes 10,000+ Sites to Cyber Risk
Cyber Risk · 6 min read

Critical SQL injection vulnerability in Cyr to Lat plugin creates significant cyber insurance exposure for 10,000+ WordPress sites, highlighting third-party plugin risks.

WordPress Plugin Flaw CVE-2023-5250 Exposes Thousands of Sites to Cyber Risk
Cyber Risk · 5 min read

Critical WordPress plugin vulnerability highlights growing CMS security risks and potential insurance exposure for thousands of websites.

WordPress Plugin Flaw CVE-2023-5426 Exposes Sites to Data Deletion
Cyber Risk · 6 min read

Critical vulnerability in Post Meta Data Manager plugin affects 10,000+ WordPress sites, creating cyber insurance exposure through unauthorized...

WordPress Plugin Flaw CVE-2023-5430: Hidden Cyber Risk for Insurers
Cyber Risk · 8 min read

Critical SQL injection vulnerability in jQuery News Ticker plugin creates material exposure for cyber insurance portfolios, highlighting third-party...

WordPress Plugin Flaw CVE-2023-5434: Cyber Insurance Risk Alert
Cyber Risk · 5 min read

Critical SQL injection vulnerability in popular WordPress plugin exposes sites to data breaches, impacting cyber insurance underwriting and claims risk...

WordPress Plugin Flaw CVE-2023-5435: Cyber Insurance Risk Alert
Cyber Risk · 6 min read

Critical SQL injection vulnerability in popular WordPress plugin affects 10,000+ sites, creating significant data breach risks that impact cyber...

WordPress Plugin Flaw CVE-2023-5583 Exposes 12K+ Sites to Critical Attacks
Cyber Risk · 5 min read

PHP Object Injection vulnerability in WP Simple Galleries plugin creates significant cyber insurance exposure risks.

WordPress Plugin Flaw Exposes 10,000+ Sites to Data Theft
Cyber Risk · 6 min read

CVE-2023-5429's SQL injection vulnerability in Information Reel plugin creates significant cyber insurance risk exposure for WordPress sites.

WordPress Plugin Flaw Exposes 100K+ Sites to Database Theft
Cyber Risk · 5 min read

CVE-2023-4598 vulnerability in Slimstat Analytics plugin creates major cyber insurance exposure risks.

WordPress Plugin Flaw Exposes 40K Sites to Cyber Risk
Cyber Risk · 6 min read

CVE-2023-4402 highlights critical underwriting concerns around WordPress plugin vulnerabilities and third-party component risk.

WordPress Plugin Flaw Exposes Cyber Insurance Portfolios to SQL Injection Risks
Cyber Risk · 6 min read

CVE-2023-4999 vulnerability in the Horizontal Scrolling Announcement plugin for WordPress, the platform behind roughly 43% of websites, creating systemic risk for insurers.

WordPress Plugin Flaw Exposes Healthcare Data: Cyber Insurance Risks
Cyber Risk · 6 min read

CVE-2023-25983 vulnerability in KB Support plugin creates high-severity risks for data breaches and business email compromise attacks.

WordPress Plugin Flaw Turns Subscribers into Data Modifiers: Underwriting Risk
Cyber Risk · 9 min read

CVE-2023-5311 in WP EXtra plugin lets low-privilege users modify server data, expanding attack surface. Insurers must reassess risk profiles and policy language for WordPress sites.

WordPress Plugin SQL Injection: A Growing Cyber Insurance Threat
Cyber Risk · 9 min read

Discover how WordPress plugin SQL injection vulnerabilities impact cyber insurance risk assessment, underwriting decisions, and claims for SMB...

WordPress Plugin Vulnerabilities: A Hidden Cyber Insurance Risk
Cyber Risk · 9 min read

WordPress plugin SQL injection flaws like CVE-2023-5464 drive cyber insurance claims. Discover underwriting strategies to assess and mitigate this...

WordPress Plugin Vulnerability CVE-2022-41616: Cyber Insurance Risk Analysis
Cyber Risk · 5 min read

How the Export Users Data CSV plugin flaw exposes organizations to supply chain attacks and increases cyber insurance claims frequency by 18%.

WordPress Plugin Vulnerability CVE-2023-46621: Cyber Insurance Risk Alert
Cyber Risk · 6 min read

Unauthenticated XSS flaw in popular User Avatar plugin creates widespread exposure for WordPress sites. Critical underwriting considerations for cyber...

WordPress Plugin Vulnerability CVE-2023-5132: A Wake-Up Call for Underwriters
Cyber Risk · 9 min read

CVE-2023-5132 exposes e-commerce sites to data theft via missing capability check. Underwriters must assess third-party plugin dependencies and their impact on coverage decisions.

WordPress Plugin XSS Flaw Exposes 10K+ Sites to Cyber Risk
Cyber Risk · 6 min read

CVE-2023-46627 affects Simple HTML Sitemap plugin, creating potential liability gaps for cyber insurance policies covering third-party component...

WordPress Plugin XSS Flaw Exposes 50K+ Sites to Cyber Attacks
Cyber Risk · 6 min read

CVE-2023-32298 affects widely-used Simple User Listing plugin, increasing phishing risks and claims frequency for insurers.

WordPress Plugin XSS Vulnerability Exposes Cyber Insurance Portfolios to Persistent Web Risks
Cyber Risk · 5 min read

CVE-2023-5538 in MpOperationLogs plugin affects 1,200 sites globally. Unauthenticated stored XSS creates underwriting risks for cyber insurance portfolios.

WordPress Security Plugin Flaw Exposes 100K+ Sites to Cyber Risk
Cyber Risk · 6 min read

CVE-2022-4712 in WP Cerber Security affects 100,000+ WordPress sites, creating systemic risk for organizations relying on this popular security plugin for login protection.

WordPress Security Plugin Flaw Exposes Organizations to Cyber Claims
Cyber Risk · 6 min read

CVE-2020-36698 in CleanTalk plugin creates coverage gaps as 34% surge in CMS-related cyber claims hits insurers.

WordPress SQL Injection CVE-2022-46859: Cyber Insurance Claims Risk
Cyber Risk · 6 min read

How CMS vulnerabilities like CVE-2022-46859 create measurable business risk and significant cyber insurance claims exposure for organizations.

WordPress SQL Injection CVE-2023-36508 Exposes Portfolio Risk
Cyber Risk · 9 min read

High-severity vulnerability in popular WordPress plugin reveals systemic risks affecting cyber insurance underwriting and claims modeling.

WordPress SQL Injection: CVE-2023-5439 Cyber Insurance Portfolio Risk Analysis
Cyber Risk · 10 min read

WordPress plugin SQL injection flaws like CVE-2023-5439 consistently drive data breach claims. Learn how to assess cyber insurance portfolio exposure...

WordPress SQL Injection: Cyber Insurance Lessons from CVE-2023-33927
Cyber Risk · 10 min read

Discover how the WordPress CVE-2023-33927 SQL injection flaw impacts cyber insurance claims frequency, coverage determinations, and underwriting gaps.

WordPress SQL Injection Flaw CVE-2023-5433 Exposes 100K+ Sites to Cyber Risk
Cyber Risk · 6 min read

Over 100,000 WordPress sites remain vulnerable to CVE-2023-5433, creating significant cyber insurance exposure through increased claim frequencies and...

WordPress SQL Injection Flaw: Cyber Insurance Portfolio Risk
Cyber Risk · 9 min read

CVE-2023-31212 exposes 20,000+ WordPress sites to SQL injection attacks. Learn how this vulnerability impacts cyber insurance underwriting and...

WordPress SQL Injection Risks: Cyber Insurance Portfolio Exposure
Cyber Risk · 11 min read

How WordPress plugin SQL injection vulnerabilities like CVE-2023-24000 create cyber insurance portfolio risk and key underwriting signals to monitor.

WordPress SQL Injection: What CVE-2023-5437 Means for Insurance Risk
Cyber Risk · 10 min read

CVE-2023-5437 WordPress SQL injection impact on cyber insurance underwriting, claims frequency, and portfolio risk assessment.

WordPress User Avatar Plugin XSS Vulnerability: Cyber Risk Analysis
Cyber Risk · 6 min read

CVE-2023-46621 affects 100k+ WordPress sites, exposing them to session hijacking and defacement risks that impact cyber insurance underwriting.

WPvivid Plugin Flaw Exposes Thousands to Authentication Bypass
Cyber Risk · 5 min read

CVE-2023-5576 reveals critical vendor security gaps affecting over 100,000 WordPress sites, impacting cyber insurance risk assessment and claims frequency.

Zurich's £8.1B Beazley Acquisition: What It Means for Cyber Insurance's Future
Cyber Insurance · 6 min read

Zurich Insurance just agreed to acquire Beazley for £8.1 billion — the largest cyber insurance deal in history. Here's what the acquisition means for brokers, underwriters, and the broader cyber risk market.
