For many years, resilience against cyber-attacks concerned only companies that operate critical infrastructure.
The recent ransomware attack that shut down Norsk Hydro’s aluminum production shows that today every supply chain is vulnerable. Even worse, since supply chains rely on trust, companies that have been compromised pose a risk to their own suppliers and customers. When adversaries seek to wreak havoc, companies need to stay ahead.
This 5th roundtable of our series on Digital Supply Chains on May 15, 2019, brought together professionals and specialists from the Greater Region who work at the interface of supply chain management and IT security. The roundtable was co-chaired by Daniela Menzky, COO of London-based start-up CyNation, who supports organisations in managing cyber risk so that contingency measures are driven by an enterprise-wide culture that encompasses people, processes and technology.
The majority of participants agreed that companies generally do not achieve the level of readiness that might be needed to address cyber threats in a coherent way, and that most companies decide to lag-and-wait rather than to lead-and-pay.
Today, many cyber-attacks succeed because of human misconduct. In light of this, educating employees and business partners on cyber security topics is key. Nevertheless, some employees remain resistant and continue to pose a threat to the entire organisation, so companies have begun to develop processes that monitor critical employees.
Some participants argued that supply chain compliance will force companies to sign insurance policies that hedge against the financial downsides of possible cyber-attacks. Others argued that private insurance cannot replace regulation and that intangible risks beyond direct cost remain. In particular, operational disruptions and the loss of client trust pose intangible risks that cannot be hedged financially.
Mrs Menzky argued that signing an insurance policy may still be inexpensive in 2019. Many insurance companies are currently entering the market of cyber risk and some of them might underestimate the downside risks, as there is little experience to build on. The question remains: will the insurer pay and what type of cost will be covered?
Supply chain cyber security remains an exciting area, and industry standards are only beginning to emerge.
Supply chain professionals are well advised to look at what insurance companies have in the pipeline and to stay up-to-date with the latest developments in this area.