Technology options are emerging to help risk managers address the cyber threat.
Matthew McCabe, New York-based senior vice president of the network and privacy practice at Marsh L.L.C, said the tools are greatly needed.
“According to study by the Business Continuity Institute, cyber has become the No. 1 factor in supply chain interruption,” Mr. McCabe said. “That really shows the prominence of technology in supply chains.”
In July, Marsh unveiled a cyber breach modeling tool that uses historical breach information paired with a company's internal data to predict the probability and financial outcomes of cyber crimes and better calculate how much insurance is necessary.
“Previously, we calculated cyber risk through data breach calculators where you make assumptions about the market and individual cost components, but there are a lot of imperfections to that approach,” Mr. McCabe said. “With new statistical analysis models we are able to home in on a precise number and better set numbers and retentions and get a better appreciation of what the true exposures are.”
Mr. McCabe said such models became feasible only recently.
“There's been a long debate in the cybersecurity industry over whether you can quantify damages and if there's enough data out there,” he said. “We are just starting to evolve into a new era where we can quantify damages better.”
Elsewhere, Aon Risk Solutions, a unit of London-based Aon P.L.C., has developed a web-based portal that can help companies understand their exposure to cyber and supply chain risk.
The Aon Cyber Risk Diagnostic Tool assesses the digital interconnectivity of a company's business operations, suppliers and customers to provide a tailored insight of a company's cyber risk.”
David Shillingford, New York-based president of Verisk Crime Analytics, said in addition to more and better data, the insurance industry's skills in modeling natural catastrophes are essential to tackle the risk that cyber crime presents to supply chains.
“We are doing quite a bit of work around supply chain risk modeling,” he said. “The policyholder has so much of the data around cyber risk and supply chain risk, while the insurance industry has built over decades predictive modeling capabilities that can be foundational for understanding those risks.”