    Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

    By admin | April 28, 2026

    CFOs and boards need to understand risk in financial terms. Insurance data can do this.

    Obtaining adequate cybersecurity budget from the board requires translating technical risk into business financial risk – an ability that is not always available to security technicians. Resilience, a firm that provides insurance, risk decision support and consultancy, can assist.

    Through its insurance service, Resilience can directly relate financial loss to specific cybersecurity events and their likely occurrence, allowing CISOs to present technical risk as the monetary risk that CFOs and board members readily understand.

    The firm’s latest analysis does this for ransomware in manufacturing, which is industry’s most targeted sector (in 2025, 25% of cyberattacks targeted manufacturing). Since different sectors have different characteristics, the precise details do not represent industry and commerce at large, but the principles contained remain valid, and all sectors can benefit from them.

    The details in the report are drawn from the firm’s own proprietary manufacturing cyber insurance claims portfolio from March 2021 through February 2026, and synthesized with data from other publicly available sources such as IBM X-Force and KELA.

    The outstanding headline is that the cost of ransomware is high: 90% of incurred loss over this period is attributable to ransomware while only 12% of the claims relate to ransomware. Ransomware attacks are increasing across the board, but especially in manufacturing where downtime could be catastrophic to the victim, or beneficial to adversarial nation states (see the more recent Iran-linked attack on Stryker).

    The value of the Resilience data to CISOs comes from mapping the security failure points in its portfolio to the ultimate cost of the security incident. Two key failures stand out. Firstly, 13% of losses stem from software vulnerability exploits. This highlights the need for improved patching cycles. 

    While it is true that manufacturing has specific and severe patching problems, very few companies anywhere invest in adequate, rapid patching. For manufacturing, Resilience recommends, “Organizations should implement compensating controls including network isolation, virtual patching, and enhanced monitoring of vulnerable systems.”

    Perhaps more surprising, however, is that MFA misconfigurations – the number one point of failure – account for 26% of financial loss, double the loss caused by exploits. (This figure dwarfs the loss incurred through the absence of MFA, which stands at 8%; but the probable reasons are neither an excuse nor an argument for not installing properly configured MFA.)

    The single largest loss in the portfolio, a ransomware attack attributed to BlackCat, was directly enabled by misconfigured MFA.

    Resilience recommends that MFA validation should be treated as a continuous process. “The priority is not just deploying MFA but auditing existing deployments to ensure enforcement across all accounts, elimination of bypass conditions, and proper configuration of conditional access policies.”

    Beyond ransomware, the report highlights loss incurred through transfer fraud and email compromise, which together comprise 30% of all claims. These attacks are more frequent than ransomware even if the loss is less severe. In both cases, the primary point of failure is phishing leading to credential compromise, which is a factor in more events than these.

    “Once obtained, valid credentials allow attackers to log into enterprise systems as if they were authorized users, blending into normal networks,” says Resilience. “Attackers obtain these credentials primarily through infostealer malware delivered via phishing emails — which surged 84% year-over-year in 2024 — and through credential phishing sites that mimic legitimate login pages.”

    The report recommends combating transfer fraud with out-of-band confirmation for payment changes and a dual authorization procedure for large transactions, together with targeted social engineering training, especially for finance and accounting teams, to counter phishing in general.

    While the Resilience analysis primarily relates to ransomware in the manufacturing sector, its recommendations will resonate across multiple attack and industry vectors and could be used by all CISOs.

    “Manufacturers don’t need to reinvent the wheel in the face of a growing threat,” says Jud Dressler, head of the risk operations center (ROC) at Resilience. “Our claims data, coupled with threat intelligence from the ROC, found that by auditing and validating MFA deployment, implementing procedural controls for financial transfers, investing in ransomware containment and response, and instituting other easy-to-implement practices can materially combat risk.”

    The report adds, “Translating cybersecurity risk into financial language that resonates with CFOs and boards is essential for securing adequate investment. The claims data provides a concrete basis for this conversation: ransomware dominates loss, a single point of failure (MFA misconfiguration) drives the largest share of exposure, and unpatched software is a direct line to the most expensive outcomes. These findings map directly to specific control investments and insurance coverage decisions.”

    Armed with such data, technical CISOs could more effectively present and argue the case for an adequate security budget.
