While recent natural catastrophes have highlighted the risks weather poses to a company’s supply chain, technology failure and cyber attacks represent an even greater threat that many companies overlook, a new report says.
In its “Tomorrow Never Knows: Emerging Risks” report, Guy Carpenter says, “Few aspects of our personal or commercial lives are now technology free. And yet, most individuals and businesses only realize the extent of this dependency when they are negatively affected by a technology-driven or technology-dependent event.”
This reality extends to a company’s supply chain, Guy Carpenter says. “Due to technological innovation and advances, many parts of a company’s or industry’s supply chain may have become interconnected and automated. Technology is indeed a critical enabler of a supply chain’s operations,” states the report.
As such, says Guy Carpenter, a single disruption such as a cyber attack “has the potential to put an entire company’s supply chain at risk.”
The report outlines results from the “Business Continuity Institute’s 2012 Supply Chain Resilience Survey,” which show that unplanned outage of IT/telecoms was the most significant cause of supply-chain disruption last year, outpacing adverse weather, which placed second.
Outsource service provider failure was the third most significant cause of supply-chain disruption. Guy Carpenter summed up this risk by noting that a disruption at a technology company in a distant land rendering cloud-based services to a company in Wisconsin could ripple out into a series of events that leaves the Wisconsin company without access to a key part of its infrastructure. The disruption could be something as simple as a local interruption to the power supply, Guy Carpenter says. “No longer is there necessarily a direct physical or even indirect physical connection between the holder of a company’s data and the company,” the report points out.
Further down the list of 2012 supply-chain disruptions, cyber attacks now outstrip fire and social unrest, according to Guy Carpenter. The report notes that cyber attacks in general are on the rise, with 2012 breaking the record with respect to the number of reported data-loss incidents. “With 2,644 incidents recorded [for 2012] through mid-January 2013, 2012 more than doubled the previous highest year on record (2011),” Guy Carpenter says. “Furthermore, the extent of attacks is likely to be far higher since around 20 percent of reported incidents did not disclose the number of records involved.”
Taken together, Guy Carpenter says technology risk factors—unplanned outage of IT/telecoms, outsource service provider failure and cyber attacks— make up the majority of all supply-chain disruptions in 2012.
As for covering these risks, Guy Carpenter says the insurance industry is aware that companies are more exposed to external risks than ever before. Technology allows business to be conducted all over the world instantaneously, but that also means supply-chain failures can significantly impact a company’s revenue and reputation.
Insurers and reinsurers therefore are demanding that companies improve their supply chain risk-management strategies before business interruption/contingent business interruption coverage is offered. Guy Carpenter says companies have a responsibility to review suppliers’ business-continuity plans and gain a better understanding of their supply chains, “identifying and anticipating potential problems and taking measures to prevent them from causing significant disruption.”
Companies that do this will be able to take advantage of the broadest and best BI/CBI coverage in the marketplace, says Guy Carpenter.