Unlocking graphic

Cyber attacks and supply chain continuity

As cyber-attacks become more frequent organisations must re-think their risk strategies to protect themselves and the people who depend on them.

The Global Risks Report 2023 again highlights cyber-attacks as a key risk in 2023, and for good reason. As mentioned in the report, attacks are almost becoming normal, such is the frequency of them across various sectors as well as, in some cases, cities.

With the increase in the use of Internet of Things (IoT) devices, it is estimated there will be 30.9 billion in use by 2025, it is important that people are aware of the risks of using them, and businesses are aware of the importance of continuity plans should an attack occur.

Data theft is particularly attractive to hackers, given the monetary value placed on the security of data and the potentially catastrophic consequences a leak could cause. Ransomware, a type of malware in which files are hacked and a user is threatened with their publishing unless a ransom is paid, is an increasingly common method of attack. The National Cyber Security Centre’s (NCSC) 2021 annual review found that there were three times as many ransomware attacks in the first quarter of 2021 than in the whole of 2019.

As cyber-attacks become more frequent organisations must re-think their risk strategies to protect themselves and the people who depend on them from the magnitude of cyber-related losses.

The damage of an attack

Business continuity is key when under a cyber-attack, and it is important that companies of all sizes have a plan in place should regular business be interrupted. For smaller companies in particular, an estimated 60% closed within six months of falling victim to a cyber-attack or data breach. With such drastic consequences possible following an attack, and countless years of hard work potentially ruined, organisations need to ensure plans for prevention but also procedures for the worst-case scenario.

It is also important to remember that, even with the most rigorous of defences, one person clicking on a dodgy link, downloading a file or accepting a transfer from an unusual place could trigger an attack, so staff need to be trained and regularly tested in order to keep awareness high.

The risks of the supply chain

In addition to ensuring staff are regularly trained and tested on the importance of spotting potential hacks, it is often not just the primary company that should be considered. Supply chains are a crucial part of businesses both large and small, and research has shown that due diligence of suppliers down a chain is slipping. In order to provide the best possible chance of business continuity in the event of an attack anywhere along a supply chain, organisations need to have set plans for the hours, days and weeks following.

There are a number of ways an attack on a supply chain could impact another company, for example in the delivery of stock to a high street retailer, or the shutting down of a company website hosted by an agency. When discussing the damages of a cyber-attack, the costs demanded by a hacker may not be the hardest hitting, as the cost of business interruption could reach far higher levels.

Continuity plans in place such as knowing a secondary source companies could go to, or secondary networks that could replace a hacked one, could be difference between companies being able to trade or not, and potentially whether they remain in business at all.

Zurich logo

If you would like more information about our products, visit: zurich for brokers

 

Contact Zurich for brokers