Supply chain cyber exposures are an insurance game changer
Published 11 August 2021
The enormity of supply chain risk is changing the cyber insurance landscape, as the potential for claims has increased dramatically, say cyber experts Robyn Adcock and Alberto Piccenna in the Gallagher H1 2021 Business Insurance and Risk Market Update.
Key trends covered in the cyber feature
● over the past 6 months insurers have put corporate cyber security systems and processes under close scrutiny
● boards must proactively address their cyber exposures
● businesses must audit their cyber supply chain to ensure each component is meeting cybersecurity standards.
Cyber security supply chain challenges are evidenced by a recent attack on United States software vendor SolarWinds, in which malware was planted in an update that compromised more than 18,000 clients, including US government departments such as Homeland Security and a whole host of big-name private companies. Microsoft was also attacked, with ransomware installed on its Exchange servers. That affected 250,000 corporate servers across the world, including the European Banking Authority.
This domino effect illustrates the threat to businesses and their relationships, and the extent of risk for insurers. As a result, more and more questions are being asked of businesses seeking cyber insurance cover, with details of the processes and procedures involved. Consequently, the underwriting process involves much greater scrutiny and takes much longer than previously.
Supply chain risk
Your business is only as cyber secure as the weakest link in your supply chain. The risks of cyber security non-compliance by multiple suppliers can quickly aggregate to significant losses across a business ecosystem, and insurers globally are watching how this risk is continuing to evolve.
Businesses for their part should be auditing their supply chains and being proactive in dealing with any weaknesses. Being able to demonstrate a robust vetting process provides assurance that you’re managing supply chain risks.
The ransomware threat
Both the frequency and severity of recorded ransomware claims have increased in the last 12‒18 months with attacks on businesses occurring every 11 seconds. Businesses should anticipate close scrutiny around their security measures against ransomware attacks.
The new benchmarks in cyber protection
The cost of cybercrime is expected to reach $6 trillion by end of 2021. Insurers are now examining business cyber security protocols from board level down, with the requirement that these should be part of operational policy.
The cyber insurance market is quickly moving towards a situation where businesses without comprehensive security measures in place will be asked to part-underwrite their own cyber exposures, or even be turned down flat by the insurer because the risk is assessed to be just too great.
Directors and officers’ liability
To achieve effective business cyber security, your tech team needs to be involved in shaping strategy at board level. Cyber has to be a focus because shareholders will hold businesses accountable for losses and for potentially damaging the company itself.
Boards need to commit to developing a cyber security risk management framework with supporting investment, and this involves understanding the technology strategy.
Businesses will need to be able to verify their security activities. Be prepared for insurers to scrutinise your policies and procedures around these measures, and your auditing measures, training, testing and vetting results.