18 October 2023, LONDON - Supply chain risks have been identified as an increasingly important issue within the cyber insurance market in a new report published by the International Underwriting Association (IUA). A whitepaper, jointly researched with cyber risk analytics firm CyberCube, urges underwriters to carefully review client business continuity plans. It offers a checklist of points to investigate when assessing an organisation’s cyber supply chain.
The report states that whilst companies are more and more reliant on digital support from third parties, supply chain perils have so far received far less attention than other major cyber threats like war risks. An improved focus on risk management is urged to help insurers, brokers and clients agree on appropriate levels of cover capable of responding effectively to any claims.
Thomas Clayton, Chair of the IUA’s Cyber Underwriting Group and Head of Cyber at Zurich Insurance, said: “Most organisations rely on a complex array of external vendors, technologies and suppliers to achieve their business goals. But these relationships come with inherent risks.
“For insurers, there is an urgent need to pay close attention to single points of failure within digital supply chains. Often, theoretically independent supply chains of unrelated businesses can rely on a handful of leading, specialist providers. An outage at one of these providers could disrupt large swaths of industry.”
Jon Laux, CyberCube’s VP of Analytics, said: “While single points of failure cannot be eliminated from (re)insurers’ portfolios, understanding their concentration is critical to managing risk accumulations and minimising cyber catastrophe loss potential.
“Those organisations and their brokers that can articulate clearly what their supply chain risk is and measures adopted to mitigate that risk will be in a better position to source cyber insurance cover at the levels required. Overall, any organisation that has a good understanding of their supply chain risk and how this risk may affect their business will improve their operational resilience and reduce threats to the continuity of trade.”
The IUA and CyberCube whitepaper includes a number of case studies highlighting the impacts on supply chains of various cyber attacks. Each case study lists a number of key lessons learned and discusses how losses can be modelled for the threat in question.
The report also addresses regulatory approaches to cyber modelling and answers points raised by the Prudential Regulatory Authority’s Insurance Stress Test exercise. It discusses reasons for the diverging approaches of different cyber loss models.
Copies of ‘Supply Chain Risk in the Cyber Insurance Market’ can be freely downloaded from the IUA website at www.iua.co.uk/cyber. The IUA’s Cyber Underwriting Group was established in 2014 to provide a forum for underwriters offering specialist cyber risk coverage in the London company market.
Ends
Contact:
Scott Farley
Director of Communications
International Underwriting Association
Telephone: 0207 617 4449
Mobile: 07921 699218
E-mail: scott.farley@iua.co.uk
Yvette Essen
Head of Content, Communications & Creative
CyberCube
Telephone: +44 (0)7956 877 206
Email: yvettee@cybcube.com
Notes to Editors:
About the IUA
The International Underwriting Association of London (IUA) is the representative body for companies in London providing international and wholesale insurance and reinsurance coverage. Its mission statement is to secure an optimal trading environment for London insurance companies. The IUA’s London Company Market Statistics Report shows that overall premium income for the company market in 2022 was £44.071bn. Gross premium written in London totalled £37.626bn while a further £6.444bn was identified as written in other locations but overseen by London operations.
About CyberCube
CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organisations quantify cyber risk to facilitate placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modelling on thousands of points of technology failure.
The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners. It is backed by Morgan Stanley Tactical Value, Forgepoint Capital, HSCM Bermuda, MTech Capital, individuals from Stone Point Capital and Scott G. Stephenson. For more information, please visit www.cybcube.com or email info@cybcube.com.