Supply chain risks have been identified as an increasingly important issue within the cyber insurance market in a new report published by the International Underwriting Association (IUA).
A whitepaper, jointly researched with cyber risk analytics firm CyberCube, urges underwriters to carefully review client business continuity plans. It offers a checklist of points to investigate when “assessing an organization’s cyber supply chain.”
The report states that whilst companies “are more and more reliant on digital support from third parties, supply chain perils have so far received far less attention than other major cyber threats like war risks.”
An improved focus on risk management is urged to “help insurers, brokers and clients agree on appropriate levels of cover capable of responding effectively to any claims.”
Thomas Clayton, Chair of the IUA’s Cyber Underwriting Group and Head of Cyber at Zurich Insurance, said:
“Most organizations rely on a complex array of external vendors, technologies and suppliers to achieve their business goals. But these relationships come with inherent risks. For insurers, there is an urgent need to pay close attention to single points of failure within digital supply chains. Often, theoretically independent supply chains of unrelated businesses can rely on a handful of leading, specialist providers. An outage at one of these providers could disrupt large swaths of industry.”
Jon Laux, CyberCube’s VP of Analytics, said:
“While single points of failure cannot be eliminated from (re)insurers’ portfolios, understanding their concentration is critical to managing risk accumulations and minimizing cyber catastrophe loss potential. Those organizations and their brokers that can articulate clearly what their supply chain risk is and measures adopted to mitigate that risk will be in a better position to source cyber insurance cover at the levels required. Overall, any organization that has a good understanding of their supply chain risk and how this risk may affect their business will improve their operational resilience and reduce threats to the continuity of trade.”
The IUA and CyberCube whitepaper includes a number of case studies highlighting the impacts on supply chains of various cyber attacks. Each case study lists a number of key lessons learned and discusses how losses can be modelled for the threat in question.
The report also “addresses regulatory approaches to cyber modelling and answers points raised by the Prudential Regulatory Authority’s Insurance Stress Test exercise.”
It discusses reasons “for the diverging approaches of different cyber loss models.”
For more details, check here.