An Underrated Supply-Chain Concern: Cyber Events

Two-thirds of cyber events are the fault of third-party businesses that outsource services for the victim, showing that business interruption (BI) no longer solely concerns physical assets susceptible to natural catastrophes and other disasters. 

“Physical damage to buildings, machinery and transportation infrastructure is not the only potential cause of supply-chain disruption,” said Rebecca Bole, Advisen’s editor and director of Strategic Development in the Research and Editorial division, during the company’s supply-chain cyber risk webinar. 

“Large-scale cyber events hold the potential to be as damaging as a natural catastrophes. From organized crime gangs who use malware to extort money, to politically-motivated hacktivists, all the way through to the amateur teenager in his bedroom and the simple act of an employee leaving a laptop on the train -- all these are potential cyber threats, and should be considered so by risk managers,” she said. 

Cyber is the supply chain’s catalyst for efficiency. Whereas small shops used to house information in internally held files, many now delegate website hosting, credit card processing, and other tech processes to other vendors- many of which are located internationally.  

Unfortunately, said John Mullen, partner at the law offices of Nelson Levine de Luca & Hamilton, a third of the breach cases that come across his desk have to do with those suppliers losing data. 

“On supply side, we’ve seen [cases] as simple as data being shipped from one client to another processor that is going to have some work done to the data, where it was lost by the big mailing company,” he said. 

In the usual cases, the experts pointed out, a small-to-midsized company loses customer or medical records due to human error, leading to court entanglements, loss of business partnerships or customer trust, and ends up with a whopping debt. For example, one healthcare practitioner had to pay $1.5 million for 4,000 lost records, which are relatively few in the hacking world. 

However, an Advisen whitepaper pictures other probable scenarios such as a virus that infects a key supplier’s order processes, shutting down a commerce hub for days. This may be a transportation company suffering a breach on its logistics or dispatch systems, muddling shipments for its many clients, or even an attack on a large commodities exchange, interrupting the sale of essential parts and causing a ripple of market price spikes. 

According to the webinar, controls are key to avoiding costly cyber-related headaches, starting with internal guidelines by the company and employee training on data handling. One simple step to avoid handing off data to burglars, besides encrypting information, is not leaving passcodes and usernames written on sticky notes around the office. 

Having a good insurance net is also imperative, says Mullen. 

“Don’t waive your right to subrogation; make sure the indemnity clauses that are in the contracts are fair at some level to you,” he advised. “The larger the vendor, the harder it is to get the right indemnity wording. Require that the appropriate insurance is in place and certified directly from the carrier.” 

Comments

Resource Center

View All »

Is It Time To Step Up And Own An Agency?

Download this eBook for insight on how to determine if owning an agency is right...

Claims - The Good The Bad And The Ugly

Fraudulent claims cost the industry and the public thousands of dollars in losses. This article...

Leveraging BI for Improved Claims Performance and Results

If claims organizations do not avail themselves of the latest business intelligence (BI) tools, they...

Top 10 Legal Requirements for E-Signatures in Insurance

Want to make sure you’ve covered all your bases when adopting e-signatures? Learn how to...

Get $100 in leads with $0 down!

NetQuote's detailed, real-time leads have boosted sales for thousands of successful local agents across the...

The Growing Role of Excess & Surplus Lines in Today’s...

The excess and surplus market (E&S) provides coverage when standard insurance carriers cannot or will...

Increase Sales Conversion with this Complimentary White Paper

This whitepaper will share proven techniques - used by many of the industry's top producers...

D&O Policy Definitions: Don't Overlook These Critical Terms

Unlike other forms of insurance where standard policy language prevails, with D&O policies, even seemingly...

Environmental Risk: Lessons Learned from Willy Wonka and the Chocolate...

Whether it’s a chocolate factory or an industrial wastewater treatment facility, cleanup and impacts to...

More Data, Earlier: The Value of Incorporating Data and Analytics...

Incorporating more data earlier in claims lifecycles can help you reduce severity payments by 25%*...

Tech Digest eNewsletter

Technology related insights for insurance professionals including key developments, solution providers and news briefs from the carrier front – FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.