Important information on preventing cyberattacks on your supply chain
Here’s something to remember: A chain is only as strong as its weakest link. With this in mind, could your vendors be exposing you to cyber risks?
Traditional supply chain risks, such as third-party bankruptcy, faulty production or failure to meet service conditions, can seem familiar and manageable in comparison to the emerging and unpredictable risks stemming from a cyberattack or data breach. But every extra link in your supply chain introduces an opportunity for cyber attackers to compromise your company’s operations.
Take the right precautions
Cyber incidents can strike any point in your supply chain and have far-reaching consequences. You should test the resilience of your supply chain to potential cyber events and compile detailed crisis management protocols and a disaster recovery strategy.
How can you accomplish this?
- Fully audit your supply chains.
- Know where your data is, who has access to it and when it is purged.
- Know your suppliers and the suppliers they use. Surprisingly, many businesses are unaware of exactly who their vendors are and cannot fully assess their exposure.
- Set and maintain stringent cybersecurity standards and require all of your partners to adhere to them (as far as is possible).
- Be aware of the costs and benefits of technology and have realistic expectations regarding your cyber defenses — and those of your vendors.
Understand cloud risks
An increasing reliance on cloud-based applications may introduce vulnerabilities and risks that can be hard to quantify.
When you control your own data, there’s transparency in the level of security used to protect that data. You can undertake realistic risk assessments, quantify your exposure and take steps to mitigate it by improving security and obtaining insurance coverage. If there’s a breach, you control how you react to it.
Placing your data with a cloud service means trusting it’s being handled carefully. If a cloud vendor is ill-prepared, you could expose your organization to potentially catastrophic legal and cyber risks. And it’s dangerous to assume that a cloud service provider can, and will, adopt full responsibility for security. Keep in mind that no security system comes with a 100% guarantee.
Vet your partners
You may require prospective partners to complete a cybersecurity questionnaire and survey at the outset of a contract. Perhaps you also request a follow-up questionnaire every six or 12 months, depending on the level of risk assigned to that vendor. However, not all questionnaires are created equal. It’s important you ask the right questions – such as where their data is stored, how secure their data is and whether they perform regular backups. Also, be sure to verify the information provided to you and adapt the questionnaire to the specific circumstances of the vendor.
Distributing even an ideal questionnaire should serve only as the beginning of the process. Why? Cyber threats are constantly evolving and difficult to pin down. It’s unlikely the person (or persons) completing your questionnaire has access to all of the information required to provide the comprehensive answers you seek. Furthermore, their answers will often be subjective and based on their own level of understanding. Simply put, they cannot tell you about all system vulnerabilities.
You should continuously monitor your partners by leveraging technology. For example, an artificial intelligence-based cybersecurity program can allow you to see inside your vendor’s network and detect flaws, insecurities and potential intrusions. Cybersecurity risk-rating platforms can also help determine whether your vendors’ systems continue to perform well and warn you of any emerging threats.
Be realistic about liability
A strong contract with your supply chain partner is a must, but it’s not 100% guaranteed to absolve you of any liability should a data breach or cyberattack occur.
Even if a vendor accepts full responsibility for a cyber incident, you could still find yourself in hot water. If you’re dealing with a smaller company, they may be happy to accept liability as a contract term in order to get your business. But if the worst should happen, they may not have sufficient reserves to cover all of the losses emanating from the breach or attack. You could also be dealing with a vendor in another jurisdiction or a vendor that has sub-contracted to another party with whom you have no agreement. The fact that someone else is to blame may not prevent your company from suffering financial losses and reputational damage.
You may also have to deal with vendors that don’t meet your standards and protocols or aren’t entirely transparent. If their input in your supply chain is essential and you cannot easily replace them, you may need to shoulder the risk yourself.
Cyber liability insurance will not prevent an attack, but it can limit your losses, help cover legal fees linked to a breach and speed your recovery. Speak with your insurance professional to make sure you know the policy limits of your coverage and to consider whether you could benefit from contingent business interruption insurance to protect you from the potential fallout of an attack on a partner in your supply chain.
Copyright © 2019 Applied Systems, Inc. All rights reserved.