San Francisco, California, 10 May 2021 -
Understanding the digital relationship between insureds and the cloud services that increasingly provide core services and products to a global network of users will be vital to assessing systemic cyber risk. This is one of the conclusions in a new report from CyberCube on cyber threats to supply chains.
The research notes some underwriters name specific cloud and service providers on their policies by “scheduling” or endorsing them into policy language. It predicts in the future, we may see insurance carriers scheduling specific cloud providers on their policies in greater abundance.
The report, Building Blocks of a Catastrophe Scenario, highlights the increasing dependence of huge numbers of organisations on cloud services such as those supplied by Google, Amazon and Microsoft. This dependence has intensified due to the move to home working precipitated by the Covid-19 pandemic.
The failure of one of these hyperconnected services – called Single Point of Failure entities (SPoFs) – will result in cascading impacts on hundreds of thousands or potentially millions of organisations.
During the last six months, Amazon, Google and Microsoft Azure have all experienced significant service outages affecting businesses worldwide.
Charlotte Anderson, Senior Cyber Risk Analyst at CyberCube and the report’s author, said: “These events demonstrate how cloud providers can act as SPoFs in the event of an incident that causes an outage impacting many related services with large user bases. Increasingly, underwriters will need to take these dependencies into account when underwriting cyber cover.”
CyberCube, a leader in cyber risk analysis and modelling, has created a database of SPoFs that could help insurers and reinsurers develop such new products.
The report also analyses the risk to insureds posed by cyber attacks on their supply chains. Charlotte Anderson added: “Supply chain cyber attacks are attractive to cyber criminals in an attack cost-benefit analysis. Factors driving the increased exposure to supply chain cyber risk for businesses include the growing integration of new Internet of Things (IoT) devices and the blending of personal, public and workplace networks as we experience a movement away from the traditional corporate IT network perimeter model. In addition, the proliferation of complex global supply chains with exposure in both physical and digital realms will provide further opportunities for disruption.”
According to the report, when assessing their portfolios for catastrophic cyber risk, insurers should focus on the extent to which insureds are dependent on a single or small subset of suppliers. A business’s approach to identity access for vendors and third parties and the overall security posture of its vendors, contractors and suppliers are also critical factors.
Building Blocks of a Catastrophe Scenario: Understanding Supply Chain Cyber Risk and Single Point of Failure is available for download from CyberCube’s website.
ENDS
About CyberCube
CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modelling on thousands of points of technology failure.
The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital. For more information, please visit www.cybcube.com or email info@cybcube.com.