A company’s supply chain is an integral and sometimes complicated part of its business. As companies optimize their supply chains using interconnected technology, the cyberrisk of disruption and lost business multiplies. Where a third-party supplier is connected to a company’s systems, a compromise at the supplier can disrupt the company’s business or allow a direct attack on the company. Cyber underwriters are especially concerned about recognizing and assessing the risk of disruption of supply chains after recent catastrophes, such as the 2011 tsunami in Japan and flooding in Thailand hit major manufacturing sectors that were single-source suppliers to major manufacturing and electronics companies.
Current risk-assessment practices, and cyberinsurance, focus on potential vulnerabilities of supply chain systems and the systems in place to prevent and detect cyberattacks. This is a nearly impossible task given the complexity and autonomy in supply chains as well as the constant change of technology affecting a company’s system and the constant adaptation of cybercriminals probing vulnerabilities. As discussed below, a more practical means of risk assessment is to evaluate a company’s ability to respond to a disruption in its supply chain. In other words, evaluate its robustness and responsiveness.
