Resiliently — Cyber Risk Intelligence

Resiliently — Cyber Risk IntelligenceExpert cyber risk insights for insurance underwriters, risk engineers, and brokers. In-depth analysis on NIS2, DORA, ransomware claims, and AI-driven risk assessment.https://resiliently.ai/enBSI Opens NIS2 Enforcement: What German Entities Must Do Before the Audithttps://resiliently.ai/blog/posts/bsi-nis2-enforcement-what-german-entities-must-do/https://resiliently.ai/blog/posts/bsi-nis2-enforcement-what-german-entities-must-do/BSI has begun NIS2 enforcement audits. Essential entities in Germany face up to €10M fines. Here is what your audit readiness checklist looks like for 2026.Fri, 10 Apr 2026 00:00:00 GMTnis2enforcementgermanybsicomplianceauditmichael-guiaoNIS2 Intelligence Digest — BSI Enforcement Activated, Penalty Calculators Updatedhttps://resiliently.ai/blog/posts/newsletter-2026-04-10/https://resiliently.ai/blog/posts/newsletter-2026-04-10/Weekly intelligence on NIS2 enforcement, supervisory activity, and cyber insurance market developments across the EU.Fri, 10 Apr 2026 00:00:00 GMTnis2intelligencenewsletterenforcementbsicyber-insurancemichael-guiaoNIS2 Compliance Checklist for 2026: What Brokers Need to Verify Before Coverage Placementhttps://resiliently.ai/blog/posts/nis2-compliance-checklist-2026-what-brokers-need-to-verify/https://resiliently.ai/blog/posts/nis2-compliance-checklist-2026-what-brokers-need-to-verify/Before placing cyber coverage for NIS2 in-scope clients, verify these 10 compliance checkpoints. Missing documentation is the most common coverage gap.Fri, 10 Apr 2026 00:00:00 GMTnis2compliancebrokersunderwritingchecklistcyber-insurancemichael-guiaoNIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coveragehttps://resiliently.ai/blog/posts/nis2-penalties-essential-vs-important-entities/https://resiliently.ai/blog/posts/nis2-penalties-essential-vs-important-entities/NIS2 fines range from €7M to €10M depending on entity classification. Understand essential vs important entity penalties and how compliance posture affects cyber insurance pricing.Fri, 10 Apr 2026 00:00:00 GMTnis2penaltiesfinescompliancecyber-insuranceessential-entitiesimportant-entitiesmichael-guiaoNIS2 Penalties & Fines Explained: What Organizations Actually Face in 2026https://resiliently.ai/blog/posts/nis2-penalties-fines-explained-2026/https://resiliently.ai/blog/posts/nis2-penalties-fines-explained-2026/NIS2 fines can reach €10 million or 2% of global annual turnover—whichever is higher. This breakdown explains exactly which penalties apply to essential vs important entities, what triggers enforcement, and how underwriters should factor penalty exposure into cyber risk assessment.Fri, 10 Apr 2026 00:00:00 GMTnis2 penaltiesnis2 finesnis2 enforcementnis2 non-compliancecompliancecyber riskunderwritingmichael-guiaoNIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Askhttps://resiliently.ai/blog/posts/nis2-underwriting-questions-brokers/https://resiliently.ai/blog/posts/nis2-underwriting-questions-brokers/Practical Line 1, Line 2, and Line 3 underwriting questions for NIS2-exposed clients. Essential vs important entities. Coverage gaps brokers should flag.Fri, 10 Apr 2026 00:00:00 GMTnis2cyber-insuranceunderwritingcomplianceeu-regulationbrokersmichael-guiaoNIS2 Underwriting Questions - Diagram Specificationshttps://resiliently.ai/blog/posts/nis2-underwriting-questions-brokersdiagrams/https://resiliently.ai/blog/posts/nis2-underwriting-questions-brokersdiagrams/Mermaid and ASCII diagram specifications for NIS2 underwriting visual elementsFri, 10 Apr 2026 00:00:00 GMTnis2underwritingCyber Insurance Comparison: How to Evaluate and Compare Policies in 2026https://resiliently.ai/blog/posts/cyber-insurance-comparison-how-to-evaluate-2026/https://resiliently.ai/blog/posts/cyber-insurance-comparison-how-to-evaluate-2026/Learn how to compare cyber insurance policies in 2026. Coverage limits, deductibles, exclusions, endorsements, top EU providers, and a buyer's checklist. Includes NIS2 impact on policy selection.Thu, 09 Apr 2026 00:00:00 GMTcyber insurance comparisoncompare cyber insurancebest cyber insurance policycyber insurance providers comparisonNIS2cyber riskunderwritingmichael-guiaoWhat Does Cyber Insurance Cover in 2026? First-Party and Third-Party Coverage Explainedhttps://resiliently.ai/blog/posts/cyber-insurance-coverage-what-is-covered-2026/https://resiliently.ai/blog/posts/cyber-insurance-coverage-what-is-covered-2026/Complete guide to cyber insurance coverage in 2026. Learn what policies actually cover: data breach response, business interruption, cyber extortion, privacy liability, regulatory defense, and more. Understand first-party vs third-party coverage.Wed, 08 Apr 2026 00:00:00 GMTcyber insurance coveragewhat does cyber insurance coverfirst-party coveragethird-party coveragedata breach insurancecyber liabilitybusiness interruptionprivacy liabilitymichael-guiaoCyber Insurance Exclusions: What's NOT Covered in 2026https://resiliently.ai/blog/posts/cyber-insurance-exclusions-what-is-not-covered-2026/https://resiliently.ai/blog/posts/cyber-insurance-exclusions-what-is-not-covered-2026/Critical guide to cyber insurance exclusions and coverage gaps. Learn what most policies don't cover, from unencrypted devices to nation-state attacks, and how to protect your business from blind spots.Wed, 08 Apr 2026 00:00:00 GMTcyber insuranceexclusionscoverage gapscyber riskinsurance claimsrisk managementmichael-guiaoNIS2 Compliance Checklist: 70+ Action Items for the 2026 Deadlinehttps://resiliently.ai/blog/posts/nis2-compliance-checklist-2026/https://resiliently.ai/blog/posts/nis2-compliance-checklist-2026/Complete NIS2 compliance checklist with 70+ action items covering risk management, incident reporting, supply chain security, and governance. Essential preparation for EU enforcement.Wed, 08 Apr 2026 00:00:00 GMTnis2compliancechecklistcyber-riskmichael-guiaoNIS2 Compliance Checklist 2026: Complete Guide for Insurance Professionalshttps://resiliently.ai/blog/posts/nis2-compliance-checklist-guide-2026/https://resiliently.ai/blog/posts/nis2-compliance-checklist-guide-2026/Complete NIS2 compliance checklist with requirements, deadlines, and implementation steps. Get your organization compliant with our expert guide.Wed, 08 Apr 2026 00:00:00 GMTnis2 compliance checklistnis2 requirementshow to comply with nis2compliancecyber-riskmichael-guiaoWhat is NIS2 Compliance? A Complete Guide for 2026https://resiliently.ai/blog/posts/nis2-compliance-guide-2026/https://resiliently.ai/blog/posts/nis2-compliance-guide-2026/Master NIS2 compliance in 2026. Understand the EU cybersecurity directive, who it affects, key requirements, penalties, and how to prepare before enforcement.Wed, 08 Apr 2026 00:00:00 GMTnis2complianceeu-cybersecuritycybersecuritymichael-guiaoNIS2 Compliance Requirements: 10 Mandatory Security Controls Before the 2026 Deadlinehttps://resiliently.ai/blog/posts/nis2-compliance-requirements-deadline-2026/https://resiliently.ai/blog/posts/nis2-compliance-requirements-deadline-2026/Master NIS2 compliance with our guide to the 10 mandatory security requirements. Learn what to implement, when deadlines hit, and how to avoid penalties up to €10 million or 2% of global turnover.Wed, 08 Apr 2026 00:00:00 GMTnis2 compliance requirementsnis2 deadline 2026cybersecurity complianceeu regulationrisk managementmichael-guiaoNIS2 Essential vs Important Entities: Classification Guide for 2026https://resiliently.ai/blog/posts/nis2-essential-vs-important-entities-2026/https://resiliently.ai/blog/posts/nis2-essential-vs-important-entities-2026/Understand the critical difference between NIS2 essential and important entities. Classification criteria, compliance requirements, penalty differences, and what it means for your cyber insurance.Wed, 08 Apr 2026 00:00:00 GMTnis2complianceessential entitiesimportant entitiesclassificationcyber insurancemichael-guiaoNIS2 Incident Reporting: 24-Hour, 72-Hour, and 1-Month Requirements Explainedhttps://resiliently.ai/blog/posts/nis2-incident-reporting-requirements-2026/https://resiliently.ai/blog/posts/nis2-incident-reporting-requirements-2026/Complete guide to NIS2 incident reporting timelines, requirements, and procedures. Learn what must be reported, when, and to whom under the EU cybersecurity directive.Wed, 08 Apr 2026 00:00:00 GMTnis2 incident reportingnis2 notification timelinecybersecurity incident reporting EUcompliancecyber-riskmichael-guiaoAgentic Security: What Underwriters Need to Know in 2026https://resiliently.ai/blog/posts/agentic-security-underwriting-autonomous-ai-2026/https://resiliently.ai/blog/posts/agentic-security-underwriting-autonomous-ai-2026/Autonomous AI agents are entering production at scale — and they bring a completely new attack surface that traditional cyber insurance questionnaires weren't designed to capture.Tue, 07 Apr 2026 00:00:00 GMTagentic-aicyber-riskunderwritingnis2ai-securitymichael-guiaoHow Much Does Cyber Insurance Cost in 2026? A Pricing Breakdown for Underwriters and Buyershttps://resiliently.ai/blog/posts/cyber-insurance-cost-factors-2026/https://resiliently.ai/blog/posts/cyber-insurance-cost-factors-2026/Complete guide to cyber insurance pricing in 2026. Learn the key factors that determine premiums, from revenue size to security controls, with real market benchmarks for SMEs and mid-market companies.Thu, 02 Apr 2026 00:00:00 GMTcyber insurancepricingunderwritingpremiumsNIS2risk assessmentcyber riskSMEmichael-guiaoCyber Insurance Buying Guide 2026: What Every Business Needs to Knowhttps://resiliently.ai/blog/posts/cyber-insurance-buying-guide-2026/https://resiliently.ai/blog/posts/cyber-insurance-buying-guide-2026/A practical guide to choosing the right cyber insurance policy in 2026. Covers NIS2 compliance, key coverage areas, common exclusions, and how to get the best terms.Tue, 31 Mar 2026 00:00:00 GMTcyber-insuranceNIS2cyber-riskinsurance-buying-guidecyber-coveragemichael-guiaoRansomware Claims in 2026: What the Data Tells Underwriters About Pricing Riskhttps://resiliently.ai/blog/posts/ransomware-claims-2026-underwriter-pricing/https://resiliently.ai/blog/posts/ransomware-claims-2026-underwriter-pricing/Ransomware claims frequency is shifting again in 2026. Here is what the latest data patterns mean for how underwriters price cyber risk, structure deductibles, and evaluate ransomware-specific endorsements.Tue, 31 Mar 2026 00:00:00 GMTransomwarecyber-insuranceclaimsunderwritingrisk-pricingmichael-guiaoThe NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026https://resiliently.ai/blog/posts/nis2-audit-crunch-underwriters-june-2026/https://resiliently.ai/blog/posts/nis2-audit-crunch-underwriters-june-2026/With the June 30, 2026 NIS2 compliance audit deadline approaching, cyber underwriters face a narrow window to reassess risk profiles across their entire European portfolio. Here is what the audit requirement means for how you evaluate, price, and write cyber coverage.Mon, 30 Mar 2026 00:00:00 GMTnis2cyber-insuranceunderwritingcomplianceeu-regulationmichael-guiaoThe €50,000 Domain That Could Bankrupt Your SMB: Why External Attack Surface Discovery Cannot Waithttps://resiliently.ai/blog/posts/euro-domain-attack-surface-smb-2026/https://resiliently.ai/blog/posts/euro-domain-attack-surface-smb-2026/Your domain portfolio is your biggest attack surface - and most security teams have no idea what is exposed. Learn how to quantify your financial exposure in euros, not letter grades.Thu, 26 Mar 2026 00:00:00 GMTattack-surfacecyber-risksmb-securitydomain-exposuremichael-guiaoNIS2 Directive: The Complete Compliance Guide for 2026https://resiliently.ai/blog/posts/nis2-directive-compliance-guide-2026/https://resiliently.ai/blog/posts/nis2-directive-compliance-guide-2026/Everything you need to know about NIS2 compliance in 2026: which sectors are affected, key requirements, deadlines, and how to prepare your organization for the EU cybersecurity directive.Thu, 26 Mar 2026 00:00:00 GMTnis2compliancecyber-riskeu-regulationmichael-guiaoThe Uncomfortable Truth About Cyber Risk in 2026https://resiliently.ai/blog/posts/uncomfortable-truth-cyber-risk-2026/https://resiliently.ai/blog/posts/uncomfortable-truth-cyber-risk-2026/Five things I'm seeing in the threat landscape that most security leaders aren't talking about enough.Tue, 24 Mar 2026 00:00:00 GMTcyber-riskthreat-intelligenceunderwritingmichael-guiaoDeepfake-Enabled BEC: The Claim Trend Underwriters Cannot Ignorehttps://resiliently.ai/blog/posts/deepfake-enabled-bec-claim-trend-underwriters/https://resiliently.ai/blog/posts/deepfake-enabled-bec-claim-trend-underwriters/Business email compromise has been the most financially devastating category of cybercrime for years. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.Mon, 23 Mar 2026 00:00:00 GMTcyber-riskbecdeepfakesunderwritingclaimsmichael-guiaoAI in Cyber Underwriting: Attacker, Defender, and Underwriter Perspectiveshttps://resiliently.ai/blog/posts/ai-in-cyber-underwriting-three-perspectives/https://resiliently.ai/blog/posts/ai-in-cyber-underwriting-three-perspectives/Exploring how AI transforms cyber risk from three angles: how threat actors weaponize it, how security teams deploy it, and how underwriters must adapt their approach.Tue, 17 Feb 2026 00:00:00 GMTaicyber-insuranceunderwritingthreat-intelligencemichael-guiaoIntroducing The Underwriter's Edgehttps://resiliently.ai/blog/posts/introducing-the-underwriters-edge/https://resiliently.ai/blog/posts/introducing-the-underwriters-edge/A new weekly newsletter for cyber underwriters, risk engineers, and brokers who want to stay ahead of threats, regulations, and emerging risks.Tue, 17 Feb 2026 00:00:00 GMTnewslettercyber-insuranceunderwritingmichael-guiaoNIS2 and DORA: What Cyber Underwriters Need to Knowhttps://resiliently.ai/blog/posts/nis2-dora-what-underwriters-need-to-know/https://resiliently.ai/blog/posts/nis2-dora-what-underwriters-need-to-know/A practical breakdown of how the NIS2 Directive and DORA regulation affect cyber insurance underwriting in Europe.Sun, 15 Feb 2026 00:00:00 GMTcyber-riskcomplianceunderwritingmichael-guiaoHow AI Is Changing Cyber Risk Assessmenthttps://resiliently.ai/blog/posts/ai-automation-in-cyber-risk-assessment/https://resiliently.ai/blog/posts/ai-automation-in-cyber-risk-assessment/A look at how AI and multi-agent systems are starting to transform the way we evaluate and underwrite cyber risk.Tue, 10 Feb 2026 00:00:00 GMTai-opscyber-riskunderwritingmichael-guiaoBuilding in Public: Why I Started Resilientlyhttps://resiliently.ai/blog/posts/building-in-public-why-i-started-resiliently/https://resiliently.ai/blog/posts/building-in-public-why-i-started-resiliently/The story behind this site — why I'm sharing my work at the intersection of cyber risk engineering and AI automation.Thu, 05 Feb 2026 00:00:00 GMTlearning-in-publicai-opsmichael-guiao