Supply chain Cyber-attacks

by | Feb 12, 2020 | Cyber Security

How vulnerable is your business?

With the latest release of Allianz’s 2020 Business Risk Barometer, it’s clear to see that Cyber has been catapulted to the no.1 position for business risk on a global scale.

“With businesses facing a number of challenges such as larger and costlier data breaches, more ransomware incidents and the increasing prospect of litigation after an event.”

There is also a worrying trend that data breaches are becoming larger and more expensive to deal with, and the greater the business interruption the higher the losses.

Data rich organisations beware!

As organisations gather and process greater volumes of personal data, data breaches are becoming larger and costlier. Mega data breaches (in excess of a million records being breached) are now more commonplace.

For those companies that depend on data to provide their services, the consequences can be disastrous. Extortion demands are a big concern for these organisations but business interruption results in the heaviest losses from ransomware attacks, with the real target being the theft of their personal data.

“A mega breach now costs an average of $42mn, according to the Ponemon Institute, an increase of nearly 8% over 2018. For breaches in excess of 50 million records, the cost is estimated to be $388mn (11% higher than in 2018).”

Operational resilience

Operational Resilience is now a key focus for regulatory authorities, with Sam Woods, CEO of the Prudential Regulation Authority (PRA) stating: “Operational resilience is a vital part of firms’ safety and soundness, and has become an important priority for the PRA. This consultation marks the next stage of integrating operational resilience into our regulatory framework. Alongside this, our proposals on outsourcing and the cloud will steer firms to be resilient in their adoption of new technologies.”

Jon Cunliffe, Deputy Governor for Financial Stability said “…Financial Market Infrastructures need to consider not only what steps they need to take to minimise operational disruption, but also how quickly they can recover from any operational disruption.”

Find out more about operational resilience on our IT, Cyber and Compliance guidance for Insurers and FCA regulated organisations.

Prioritise audits

Your organisation may be well protected, but the same can’t always be said for your suppliers or acquisitions, especially if they have a weak approach to cyber-security or already have vulnerabilities. You, as the acquiring firm, could find yourselves liable for any damage from breaches or attacks pre-dating the merger. That’s why auditing new acquisitions and suppliers must be seen as a priority and a vital part of your due diligence. The Marriott hotel group learnt the hard way, with its breach in 2018 being traced to a 2014 intrusion on the Starwood hotel group, which it later acquired in 2016.

Intra-group outsourcing

Intra-group outsourcing is when a firm has an outsourcing arrangement with a company in the same group, including cross-border outsourcing to parent or sibling companies outside the UK. The FCA states that intra-group outsourcing requires the same rules as outsourcing to an external third party. The risk shouldn’t be perceived as being any lower, nor as any less subject to outsourcing requirements. Risks must be identified and managed effectively, whether the outsourcing is to a third party or intra-group.

Growing regulatory actions and legal costs

Large data breaches are resulting in regulatory actions and, most significantly, large fines. They can also prompt affected consumers, business partners and investors to pursue legal action, all contributing to eye-watering costs. The Marriott in 2018 and credit score agency Equifax in 2017 were both reported to have had mega data breaches of personal data, of over 300 million and 140 million customers respectively. Both have had several lawsuits and regulatory actions brought against them, and the Marriott is set to receive a fine of £100 million from the UK’s data protection regulator.

The best approach to managing Cyber Risk and improving Cyber Resilience

Allianz 2020 Business Risk Barometer

  • Cyber risk is part of our overall enterprise risk management and is viewed as a key business risk
  • Monitor and measure security and availability of systems through continuous vulnerability and risk assessments, remediation and sharing intelligence around cyber threats
  • Regular staff information security training, awareness and anti-phishing campaigns

Our top tips for supplier management

  1. Due diligence is a priority. Find out what the potential risk profile of the supplier is and how their actions could impact you if they were compromised.
  2. Verify your suppliers’ certifications. It’s wise to check out claims and certifications. It’s possible they have a PCI report on compliance, or an ISO27001 certified ISMS, that only covers a small section of the requirement, meaning the supplier is not certified.
  3. Continually check your suppliers. You may have vetted them 5 years ago and deemed them to be low risk, but for good supplier management it’s important to implement a continuous auditing programme.
  4. Get an independent, unbiased view. There’s a lot of value in bringing in an independent auditor to provide a balanced view on your suppliers, especially if information security auditing isn’t a part of your normal job function.

We’re helping an increasing number of organisations by providing independent supplier security reviews and ongoing supplier management using our proven framework.

Call us on 01242 505470 or fill out our Cyber consultancy contact form and we’ll be happy to discuss your individual supplier audit requirements with you.
