4 minute read
Digital innovation and cyber risk in global supply chains
By George Jones , (Left) Global Sales Leader,
Marine, Cargo & Logistics Practice, Marsh and Janelle Griffith , (Bottom left) Leader, North American Logistics Practice, Marsh
The global supply chain is one of the greatest endeavors that functions millions of times every day. Interconnected systems and reliance on data are at an all-time high. This poses challenges to logistics entities that go far beyond internal system integrity or hacking.
These challenges cross into areas such as the potential for redirection of goods via cyber breach, cyberattacks commandeering autonomous technology, or business interruption that stems not only from attacks on organisations’ systems but on those of the supply chain partners.
Digitalisation, when applied to the logistics supply chain (widely referred to as logistics 4.0) is valued at US$1.5 trillion globally. Partly as a consequence of greater data capabilities and digitally connected technologies, every sub-sector in the supply chain industry is potentially more vulnerable to, and more affected by, cyber risk.
Event impact can be costly, disruptive and litigious if data is involved, reducing or removing the benefits of improved efficiency and margin gained by digitalisation. However, companies are also using these advances to become smarter in the management of risk and loss mitigation.
Digitalisation enables entities to collect data and drive insights, incorporate smart solutions, model and plan for future disruptions, as well as automate activity.
Reductions in the cost of technologies is enabling new entrants into the supply chain market, bringing new ways of doing things and new partnerships.
Use of autonomous vehicles, stackers, robots, and cobots is on the rise. Artificial intelligence (AI) and machine learning are revolutionising logistics through decision support and automation, potentially making today’s organisations more efficient, resilient, flexible and sustainable.
Unfulfilled Customers
A cyber event at a shipping company, major port, or logistics company, could have serious consequences for those entities. Reportedly, 90% of all goods are carried by sea at some time in the supply chain.
Given how much we rely on the maritime, ports and logistics sectors, any disruption in the supply chain can have far-reaching consequences.
The blockage of the Suez Canal by the Ever Given, which held up to US$10bn in goods per day, is an example. While the cause was a physical blockage and weather-related, it illustrated the consequences and fragility of supply chain disruption.
Logistics companies have learnt from the experience and many can “rewire” faster than it takes to unblock a canal.
Chain Reactions
There is a risk of contagion with cyber events and for affected entities. Recovering vendors and customers wary of contagion can take time.
In a 2019 Safety at Sea and BIMCO maritime cyber survey, 77% of respondents said they would cancel a contract, while 26% said they would recommend not doing business with a third-party supplier because of concerns with poor cybersecurity practices.
Learning from past cyberattacks, congested ports during the Covid-19 pandemic and the Suez Canal blockage, national governments have reworked critical national infrastructure protocols to include governmental cyber warfare defence entities in planning to mitigate effects on the supply chain.
Evolving Strategies
The insurance industry is also responding to digitalisation and its flip-side, cyber risk.
If a cyber event has a risk of contagion, insurers consider aggregation, while for stoppages, their focus is on business interruption and accumulation risk of cargoes. It could affect owners, movers of cargo and insurers, with more value trapped than the original policy limits considered.
However, the vast and interconnected nature of global supply chains means that options are available to allow a shift to non-impacted entities.
For instance, geolocation and telematics can give organisations real-time visibility if their goods are impacted by an event, including where they are diverted and relocated to. Temperature sensors can monitor the conditions of fuels and refrigerants throughout a journey.
Ultimately, technologies can take organisations from reactive to proactive mode. They can enable supply chain entities to make timely and effective risk mitigation, management and operational decisions. This reduces business interruptions and accumulations.
Some insurers deploy capacity largely based on movement data. This allows cargo insurance to shift to logistics providers in circumstances during which companies and/or their brokers can provide enough data.
With data, generally insurers are able to react more swiftly to a vessel or a truck on the move and adapt prices according to any disruption.
Frequency And Severity
Aggregation and contagion are indicators of loss severity. Severity can affect underwriting profit and reserves and, consequently, most insurance regulators are wary.
Regulators are looking to provide enhanced clarity on the intention of cyber coverage requiring contracts to address “silent cyber”.
Insurers are required to have clear language that specifically excludes cyber risk on policies not intended to provide coverage. This is resulting in more companies considering stand-alone cyber policies.
The other fundamental – frequency - also comes into play. In the same survey in 2019, 31% of respondents reported they had experienced a cyberattack in the previous 12 months. Similar patterns occurred globally in other industries as well. Cyber rates increased as demand grew.
Consequently, insurers focused on the internal processes and procedures that companies had in place to minimise the potential for, and impact of, a cyber incident.
Risk transfer cannot exist without risk management and mitigation both at a company and in the minds of insurers.
Focus On Opportunities
Logistics companies plan their cyber journeys and their recoveries.
A secure digitalisation strategy focuses on opportunities and both identifies risks and addresses vulnerabilities to create a more resilient business that can withstand and recover from a cyberattack.
Cyber is an enterprise-wide risk. It is a boardroom consideration that touches every part of a logistics company.
Although cyber risk can never be completely eliminated, the appropriate strategy, together with a robust cyber insurance program, can help mitigate risk, manage crises and support faster recovery from an event, protecting products on the move.
Those that manage and recover from crises well are generally looked on favourably as having good governance.
Solid Foundation
The advice is to establish a recognized baseline, improve from there and work with insurers.
A good starting point in an organisation’s cyber risk journey is a cyber risk assessment, such as the Marsh cyber self-assessment
Once a baseline is established, there are many potential steps that organisations can take to improve resilience, including using the assessment report as a roadmap to guide prioritisation, risk improvement and potential insurance purchase.
These priorities could also include improved training for employees to prevent and manage cybersecurity risks. According to a study by Mercer, 62% of executives say the greatest threat to their organisation’s cybersecurity is employees’ failure to comply with data security rules.
Other progressions could include: understanding how to reduce the interruptions; investing in specialised cybersecurity personnel; better recognition of third-party risks; addressing systemic weaknesses; and keeping up with regulatory changes, which for supply chain companies can be over multiple jurisdictions.
Keeping Products Moving
The global supply chain is fragile but agile. Disruptions have spurred innovation, enabling organisations’ to become more efficient, resilient, accurate, predictable and dynamic.
Cybersecurity is a jigsaw of risk management and risk transfer. Logistics organisations are now prioritizing cybersecurity in the boardroom.
