As the world has gone more digital, there’s been a corresponding increase in digital crime. Cybercrime is a massive problem that costs trillions of dollars in lost revenue, productivity and resources. And it’s growing.
The impact of cybercrime on a business is both inevitable and predictable; it’s not if, but when, most businesses will be attacked. And when they are, we know what will happen — sensitive data will be stolen or destroyed, productivity will suffer, and confidence will be shaken among customers, employees, and investors. Once the dust settles, companies will hire expensive consultants to harden and rebuild their technology infrastructure in the hopes such an attack can never happen again — even though in the future, a new, novel attack probably will.
And the state of the art is to buy more expensive and more modern security products that perpetuate this cat and mouse game with the bad guys. However, these security products need to be configured, managed, and upgraded, which even for sophisticated organizations that have the time, expertise or resources to do so, can’t provide a 100% guarantee of reliability. Over the past decade, cyber insurance has also emerged as a way to transfer cyber risk – so that when a company is breached, there’s a financial line of defense against liability and loss.
The challenge is that the buyers of cyber insurance and cybersecurity products have traditionally been isolated and siloed in their roles, with CFOs buying cyber insurance and CISOs buying cyber products. There are very few opportunities for a CFO, CIO, and CISO to come together to understand and manage corporate cyber risk.
This is the mission that Resilience set out to solve over the past few years – building a comprehensive cyber risk solution that helps their customers track their risk, translate their security posture into action and transfer some of that risk financially via a dynamic cyber insurance policy.
Resilience customers have a comprehensive risk management solution that combines best practices around cybersecurity with a technology and AI driven approach to cyber insurance. And the results in the market have been stunning – none of Resilience’s cyber risk solution clients paid ransomware extortions in 2022.
The company has grown rapidly and has built a unique, data driven approach to managing cyber risk. That’s why we at Lightspeed are so excited to back Resilience’s $100 Million Series D round, after originally leading their Series A and participating in their Series B and C rounds.
As I wrote when we led their Series A in 2019, “as I dug into the large, rapidly growing cyber insurance industry, I discovered that not all cyber-insurers are created equally. While a small handful have access to state-of-the-art technology and data science, I was surprised to learn that a large majority of the industry is largely flying blind. Insurance brokers gather information by asking customers to manually fill in thick, dense forms. Many insurers lack deep and detailed historical data to provide meaningful input into their sophisticated underwriting models. And most of the industry’s processes are not yet digital, which leads to time consuming processes.”
Since then, Resilience’s business model and go to market motions have only become more refined and distinctive in the cyber insurance industry. Resilience’s team, including CEO & Co-Founder Vishaal “V8” Hariprasad, have spent the intervening time not only cementing their leading position in the still nascent marketplace, but building out insurance as a piece of a larger cyber risk management solution.
Vishal and his Co-Founder Raj Shah are both veterans of the security sphere, having done work in the US military, and selling their previous startup, Morta Security, to Palo Alto Networks. It was this background that enabled them to see that not only is the risk market in cybersecurity usually priced with little data, companies themselves often have no idea how to assess, measure, or manage their own risk profile.
The Resilience Solution connects leaders in finance, risk and security, breaking down internal silos to help customers understand their risk profiles, and how to properly minimize their exposure to a future (again, nearly inevitable) attack. Resilience is providing exactly what their name says — cyber resilience to help organizations to continue delivering value to their customers, when things are at their worst.
Resilience thinks so, which makes us especially excited about backing their expansion into new global markets, supporting new kinds of clients, and adding even more insights and data into their cyber risk platform. Those new customers will find, when they gain cyber resilience, they can finally understand the ROI of their risk controls. And by giving customers the platform to understand their cyber security investment, Resilience itself will continue to drive an insurance loss ratio that is three times lower than the market average — a stunning achievement.
Securing a digital world at enterprise scale requires fundamental behavior change. We have been long-term believers in the Resilience team because they set out to fill this critical gap from day one. We are incredibly excited to see them executing on this vision over the past several years and we look forward to how they’ll help the market tackle cyber risk in the future.
Authors
