Two-thirds of cyber events are the fault of third-partybusinesses that outsource services for the victim, showing thatbusiness interruption (BI) no longer solely concerns physicalassets susceptible to natural catastrophes and otherdisasters. 

"Physical damage to buildings, machinery and transportationinfrastructure is not the only potential cause of supply-chaindisruption," said Rebecca Bole, Advisen's editor and director ofStrategic Development in the Research and Editorial division,during the company's supply-chain cyber risk webinar. 

"Large-scale cyber events hold the potential to be as damagingas a natural catastrophes. From organized crime gangs who usemalware to extort money, to politically-motivated hacktivists, allthe way through to the amateur teenager in his bedroom and thesimple act of an employee leaving a laptop on the train — all theseare potential cyber threats, and should be considered so by riskmanagers," she said. 

Cyber is the supply chain's catalyst for efficiency. Whereassmall shops used to house information in internally held files,many now delegate website hosting, credit card processing, andother tech processes to other vendors- many of which are locatedinternationally.  

Unfortunately, said John Mullen, partner at the law offices ofNelson Levine de Luca & Hamilton, a third of the breach casesthat come across his desk have to do with those suppliers losingdata. 

"On supply side, we've seen [cases] as simple as data beingshipped from one client to another processor that is going to havesome work done to the data, where it was lost by the big mailingcompany," he said. 

In the usual cases, the experts pointed out, a small-to-midsizedcompany loses customer or medical records due to human error,leading to court entanglements, loss of business partnerships orcustomer trust, and ends up with a whopping debt. For example, onehealthcare practitioner had to pay $1.5 million for 4,000 lostrecords, which are relatively few in the hackingworld. 

However, an Advisen whitepaper pictures other probable scenariossuch as a virus that infects a key supplier's order processes,shutting down a commerce hub for days. This may be a transportationcompany suffering a breach on its logistics or dispatch systems,muddling shipments for its many clients, or even an attack on alarge commodities exchange, interrupting the sale of essentialparts and causing a ripple of market price spikes. 

According to the webinar, controls are key to avoiding costlycyber-related headaches, starting with internal guidelines by thecompany and employee training on data handling. One simple step toavoid handing off data to burglars, besides encrypting information,is not leaving passcodes and usernames written on sticky notesaround the office. 

Having a good insurance net is also imperative, saysMullen. 

"Don't waive your right to subrogation; make sure the indemnityclauses that are in the contracts are fair at some level to you,"he advised. "The larger the vendor, the harder it is to get theright indemnity wording. Require that the appropriate insurance isin place and certified directly from the carrier."