Not just online shopping around occasions like Singles Day, Black Friday or during Christmas Season is fully depending on digital infrastructure. Nearly all economic processes and relations around the world, ranging from global production to logistics depend on software, IT services and respective digital assets and infrastructure.

Munich Re is observing rising interdependencies and more critical bottlenecks across all industries. Alongside supply chains that are getting more and more complex, Munich Re is noticing that they additionally are threatened by an increasing number of sophisticated cyberattacks that may lead to outages and interruptions.

In summer 2021 the European Union Agency for Cybersecurity (ENISA) came to the same conclusion forecasting four times more software supply chain attacks in 2021 than the year before. ENISA´s “Threat Landscape for Supply Chain Attacks” stated that 66% of supply chain attacks were conducted by the exploitation of unknown vulnerabilities, whereas 16% leveraged known software flaws. With regards to supplier assets, most attacks aimed to compromise code (66%), followed by data (20%) and processes (12%). As for customer assets, supply chain attacks most commonly targeted customer data (58%), followed by key people (16%) and financial resources (8%).

These findings clearly emphasize the need for adequate supply chain management. Risk owners, authorities, the cybersecurity community as well as the insurance industry need to build up resilience and protective measures to avoid potential supply chain attacks to happen or – if they happen – to mitigate their impact.

Managing suppliers and respective assets is challenging and may vary from company to company. However, here are some recommendations for supply chain risk management:

• Identify and assess critical suppliers and their respective activities and services;
• Keep an inventory of software and hardware assets;
• Collaborate with key suppliers and manage them over the whole lifecycle of a product or service;
• Include suppliers in improvement activities as well as measures for business continuity and incident response;
• Monitor and audit critical supplier relationships. Utilize self-assessments or interviews in procurement.

Make your supply chain as robust as possible to ensure that you can deliver all deliverables that are expected from you and your business – before, during and after Christmas Season. Don’t let cybercriminals interrupt your festive season.

Together with our clients, we’re creating cyber solutions that go far beyond traditional risk transfer.

Have yourself a merry little cyber insurance!