

Business interrupted: Navigating the new normal of cyber supply chain disruptions
February 18, 2025
By Diane Fazzolari
Senior Claims Specialist, Cyber
If there’s one key takeaway from 2024, it’s that third-party cyber disruptions are evolving into the new normal for businesses. High-profile incidents, including ransomware attacks on Change Healthcare and CDK Global, as well as a worldwide IT outage triggered by a CrowdStrike update, have highlighted this concerning trend.
The rising frequency of such cyber incidents underscores a critical vulnerability in the interconnected digital ecosystem that businesses operate within: many organizations depend on the same technology vendors or platforms. That means a single breach at one entity can quickly cause disruptions for many others, potentially affecting thousands of businesses.
Consider the ransomware attack on CDK Global, a provider of cloud-based software used by car dealerships across North America. The attack that began on June 19, 2024 led to the suspension of all system operations, disrupting the operations of some 15,000 dealerships. The incident impacted car sales and financing, as well as service appointments, which in turn affected the dealerships’ customers and potentially many others along the supply chain.
Likewise, the CrowdStrike disruption, while the result of a software update snafu rather than of cyber criminals, affected more than 8.5 million Microsoft Windows systems across various industries.
Cyber threat intelligence suggests that there are near-daily occurrences of successful supply chain attacks. Not all of them make headlines like CDK and CrowdStrike, but all are having some impact. According to industry statistics, IT providers and technology product companies, followed by aerospace & defense, manufacturing, and healthcare businesses, experience the highest number of supply chain breaches.
Supply chain vulnerabilities raise aggregation concerns
The concept of cyber risk supply chain aggregation refers to the combination of multiple smaller cyber risks within a supply chain that can culminate in a significant risk. Experts have noted that the healthcare sector is particularly susceptible to these risks, as demonstrated by the Change Healthcare attack, which affected a multitude of downstream clients. The February 2024 ransomware attack impacted approximately 100 million Americans whose personal, financial and healthcare records may have been stolen.
As organizations increasingly rely on a web of third-party providers, it becomes crucial for underwriters to evaluate the implications of these dependencies on their risk assessments, as the dependencies often appear to be industry-specific. The vast number of vendors that just one company relies on presents a real challenge. Insurance providers are increasingly recognizing this trend, as the aggregation of cyber risk becomes a key consideration in underwriting policies.
Business interrupted
When a supply chain disruption occurs, organizations can face prolonged operational downtime. In such scenarios, filing a business interruption (BI) claim becomes crucial for recovery.
Many businesses impacted by a disruption may turn to their cyber insurance policies to help minimize the financial impact. System failures caused by non-malicious actions, such as human error, may be covered under cyber insurance policies. Comprehensive cyber policies generally encompass business interruption from breaches and system failures.
Filing a business interruption claim after a cyber disruption requires a thorough understanding of your insurance policy. Businesses should first confirm that their policy includes Business Interruption (BI) coverage and whether it specifically addresses losses due to cyber incidents and/or system failure. Additionally, it is vital to check for dependent business interruption loss coverage, which protects against losses caused by third parties with whom a business has contracts. Understanding any deductibles and waiting periods outlined in the policy is also crucial, as these factors can significantly impact the coverage available.
Substantiating a business interruption loss can be complex, both because of complicated business structures and because the business needs to demonstrate that its loss was caused by the interruption as opposed to other outside influences. Enlisting professional support, such as forensic accountants, is highly recommended. Insurance advisors can provide essential guidance on the claims process, while forensic accountants can help accurately assess financial losses and ensure thorough documentation.
As part of any business interruption submission, proper documentation is also essential for effectively supporting a BI claim. Businesses should create a detailed incident report that outlines the specifics of the cyber-attack, including its timing and response actions. It is also important to document the operational impact of the incident, such as disruptions to services and quantitative effects on revenue. Keeping records of all communications related to the incident, including those with cybersecurity teams and stakeholders, will also strengthen the case for the claim. Quantifying financial losses is critical. It involves calculating lost revenue, identifying additional expenses resulting from the incident, and projecting any future revenue impacts.
Timeliness is vital; businesses should submit a formal notice of claim promptly, compile all relevant documentation, and adhere to the specific claims procedures set by their insurer, including deadlines to submit proofs of loss. Maintaining regular communication with the insurance provider to track the claim's progress and respond to requests for additional information is crucial to ensure a smooth claims process.
Preparing for future incidents
In the wake of these disruptive cyberattacks, businesses must take proactive steps to safeguard their operations and prepare for potential insurance claims.
To address the growing risks in the supply chain, organizations must emphasize proactive risk management and resilient cybersecurity practices. Strengthening oversight of third parties and integrating comprehensive data governance into their operations will significantly enhance the protection of sensitive data and ensure continuity in today’s interconnected digital environment.
Here are the key recommendations:
- Ongoing Monitoring of Third-Party Risks: Organizations should conduct regular assessments and enforce stricter security measures for their vendors and supply chain partners.
- Improved Data Governance: Establishing robust data classification and protection strategies is essential to reduce risks, especially when sensitive data is exchanged across intricate networks.
- Confirm Insurance Coverage: Businesses should consult with their insurance agents to explore coverage options, particularly regarding business interruption related to breaches and system failure, as well as dependent business interruption coverage for the same.
- Consult Cybersecurity Experts: Organizations should collaborate with cybersecurity professionals to assess their systems and pinpoint vulnerabilities that could lead to future breaches before an incident occurs.
- Stay Informed: Businesses need to remain alert to the evolving cyber threat landscape and its impact on their supply chains, ensuring they have contingency plans ready to implement.
Adapting to a new reality
As cyberattacks continue to disrupt supply chains and cause significant business interruptions, it is clear that organizations must adapt to this new reality. The incidents involving companies like CDK Global, CrowdStrike and Change Healthcare serve as critical reminders of the interconnectedness of modern businesses and the vulnerabilities that come with it. Insurance underwriters should appreciate these risks as a key consideration. Organizations should likewise consider these risks and seek to prepare accordingly to navigate the complexities of the evolving cyber landscape.