Expand definition of cyber risk to stay on top of exposures: ReportReprints
Companies ignoring the risk of operational supply chain disruption from cyber attacks do so at their own peril, according to a report issued by Marsh USA.
The report, “Cyber Risks Extend Beyond Data and Privacy Exposures,” argues that risk managers should not view data privacy breaches as the sole form of cyber risk.
“Technology outages and software failures resulting in supply chain and operational disruptions can cause significant loss of income, increase operating expenses, and damage an organization's reputation,” the report states. “Any business that assumes its technology is impervious to any failure — especially as businesses increasingly rely on technology to conduct business operations — is ignoring a critical risk.”
While the report notes that cyber insurance policies have historically been triggered primarily by data breaches and hacking attacks, many now provide coverage for a broad range of technology failures and outages.
Yet Marsh notes that insurance is not an alternative to solid risk management and recommends that risk managers take steps to steel against cyber attacks, including determining the criticality of various information technology systems to ongoing operations, and developing and testing business continuity and crisis management plans.
“The purchase of cyber insurance should be just one part of a well-planned and effective risk management program that also includes policies and protocols to prevent and mitigate technology risks,” the report states.