Editor's Note: In one of our recent blog posts, OTORIO CEO Danny Bren wrote about the viability of ransomware payouts for insurance companies. Here, OTORIO VP of Marketing Yoel Knoll introduces the intricacies of supply chain to cyber insurers.
Even in the shadow of the Coronavirus pandemic, global industrial supply chains are here to stay. They are a lifeline for the economy, and offer a wealth of benefits for both consumers and manufacturers. Yet in the never-ending quest to streamline global supply chains, as they seek out more affordable labor, services, goods and components, companies are facing new challenges and risks.
Supply Chain Cybersecurity: You’re only as strong as your weakest link
There is one part of every single link in the industrial supply chain, however, that does pose an existential threat to the enterprise – OT network cybersecurity. In a hyperconnected global economy, threat actors have learned that gaining access to enterprise OT networks directly is challenging. Yet gaining access to these networks indirectly, through third-party connected networks, is often much simpler.
The integration of customer and supplier systems has created a massive opportunity for cyber criminals to infiltrate the weakest links in the OT network chain, then move laterally once inside in order to reach the enterprise’s inner sanctum.
Luckily, insurers have begun to take notice.
Supply Chain Cybersecurity: Why Should Insurers Care - and What Can Insurers Do?
Cyber insurance is a $4.5 billion market and is expected to grow to $21.4 billion by 2025. Given the sheer size of the risk, and the massive potential exposure to third-party risk, many insurers have begun to demand to know who - and what - exactly they’re insuring. The problem is that larger and more sophisticated enterprise customers are focused on supply chain risks, but as insurers move down the chain to smaller and medium-sized businesses, these players are simply less focused on cyber risk management.
So what can insurers do? Insurers are beginning to meet demand for protection by offering contingent business interruption coverage within cyber policies. This creates an underwriting challenge, especially with regard to risk aggregation. The problem? The underwriting process includes identifying probable maximum losses, and in the cyber realm, given the complexities of industrial supply chains, the risk aggregation is extremely complex to calculate.
Understanding and Quantifying Supply Chain Cybersecurity risks
To prioritize industrial supply chain cyber risk, OTORIO recommends that insurers take the following steps to understand what they do not understand as it relates to sensitive data within the policyholder network and across its supply chain:
The Bottom Line
Insurers dealing with cybersecurity should be aware of supply chain risks in the industrial and manufacturing sectors. If the supply chain is breached, everyone along the line can be breached. Cyberattacks aimed at an enterprise policyholder may not initially target that policyholder, but rather a target along the supply chain. The same is true in reverse. Your client may be a prime target of an attack which starts with one of its suppliers (or sub-suppliers).
By taking steps to better understand risk and partnering with industrial network cybersecurity domain experts, cyber insurers can mitigate risk and positively impact their bottom line.