It has only been nine years since cyber insurance first emerged as a product. A very lucrative sub-specialty, it is now underwritten by over 60 insurance companies and will produce an estimated $2 billion in premium income this year, according to a new report from New York-based insurance brokerage Guy Carpenter LLC.
“Today, organizations, through their interconnectedness and participation in global supply chains, are subject to an increasingly complex network of networks. A cyber attack may put an entity’s entire supply chain at risk. Cyber risks pose a set of aggregations/accumulations of risk that spread beyond the corporation to affiliates, outsourcers, counter-parties and supply chains,”the report says.
Most corporate insurance policies cover business interruption, but not infrastructure and Internet service failure. Insurance providers do not stay in business by paying out on large claims. Target only recovered $38 million of $148 million in losses from last year’s breach. The total spent by all institutions involved in that breach is more than $350 million. Clearly, insurance covers just a fraction of the cost of a cyber disaster.
A network intrusion can send aftershocks throughout the entire business world. Malware can reside on a network for years, so devices that have long been in operation in the field but never secured have likely been compromised in some way. Does anyone know how secure all of their affiliates’devices are?
Increased connectivity creates opportunities for more efficient asset and supply management. But the growing and unfathomable number of devices connected to each other creates infinite possibilities for operational disruption.
To make your supply chain less vulnerable, the Wall Street Journal recommends:
“Update supply chain risk plans to mitigate the increased exposure to cyber attacks brought when OT (Operational Technology) is now connected to the Internet and enterprise supply chain systems. Resolve any differences in accountability or governance structures between IT and OT that can result in risk exposure.”
EdgeWave specializes in enterprise security, providing email and web filtering, data encryption, and protection against zero-day vulnerabilities. An award-winning combination of military grade cyber defense, leading edge technology, and human analytics prevents malware from infecting devices connected to networks large and small. EdgeWave will create a customized plan to mitigate supply chain risks for any type of business. Download your free Cyber Security Guide at www.edgewave.com.