Intangic

With the increased frequency of supply chain breaches and disruptions to companies that depend on these 3rd parties, it's fair to ask the question: "can companies find a better balance between further investments in digitization and the need to improve/maintain security?" Yes, and some companies achieve this balance better than others. But a primary reason companies invest in technology is to grow margins. As this chart shows, management teams have no choice but to continue to accelerate these investments despite it resulting in less control over the risks. Our latest article on what risk and insurance teams can do to get some control back is in the comments.

Last month, we saw disruptions to grocery store chains like Sainsbury's and Morrisons stemming from the Blue Yonder supply chain breach. This week, it was significant disruption to Krispy Kreme following its own attack in November, one the company said will have a material impact on its financials. These events are byproducts of a massive shift towards digitization of all parts of company operating models. This dynamic between the pursuit of financial gains from tech and the increased cyber risk that often results is playing out in all industries at an increased rate. It's something we tackle in the December edition of our monthly research note, The Intangibles. Joshua Cryer DIP CII

Many thanks to the Airmic (Association for Insurance & Risk) team for a great evening at the Annual Dinner this week. It was wonderful to host Corinne Cozens Richard Cutcher Nick Morgan Marina Tsokur Alison Hill and Danielle Wishart. Congratulations to all of the award winners, especially Asif Shah of DS Smith and Kevin Steed, Richard Gavan and the AstraZeneca team! Joshua Cryer DIP CII and Ryan Dodd Chris Nolan

The Ahold Delhaize breach last week that impacted two of the company's grocery store chains in the US is not just a reminder of the downsides that come with digital transformation. Management teams understand there are trade-offs that come with the gains in efficiency, cost savings and improved operating margins. What’s missing are better tools for understanding, assessing, financing and transferring this increasingly dynamic risk. More on this in the next edition of our monthly research note, The Intangibles. cc Joshua Cryer DIP CII

The news yesterday of Akira ransomware group stealing data from 30 new organizations this week (now bringing the tally of total victims to over 350 organizations) is a reminder of the resurgence in data theft over the past two years. In January, Akira hit Swedish cloud services company, Tietoevry, an incident that in turn impacted many of the companies’ large global customers. According to Cisco, Akira’s success is partly due to the fact that they are constantly evolving. It’s what makes cyber so dynamic as a risk (and challenging). To quote Cisco, “We anticipate Akira will continue refining its tactics, techniques, and procedures (TTPs), developing its attack chain, adapting to shifts in the threat landscape, and striving for greater effectiveness in its RaaS operations, targeting both Windows and Linux-based enterprise environments.” The November edition of our monthly research note, The Intangibles, covered this significant shift in attacker behavior and how risk managers can evolve just as quickly, including with smart use of a captive.  

In the November edition of our monthly research note, The Intangibles, we dive into the implications of cyber being a human behavioral risk and what this means for risk and security teams, especially those with captives.

UnitedHealth Group's (UNH) Q3 Earnings released yesterday estimated that the February 2024 cyber attack on Change Healthcare will cost the company nearly $2.9 billion this fiscal year. This is a figure we flagged earlier in the October edition of our monthly research note, The Intangibles. As the downside risk of digital transformation - cyber risk - increases for large corporates, so too does the coverage gap. UNH's latest disclosure is helpful reading for any risk manager seeking to better understand economic loss risk due to cyber. The company grew YOY revenues in Q3 by $8.5 billion largely due to Optum and Change Healthcare - two pillars in the Group's digital transformation effort. We can be sure of one thing: the continued acceleration of digital transformation will not slow down, even with the growing downside risks.

Perspectives from DS Smith's Tony Dimond, Asif Shah and Group CISO Steve Collins from a recent Case Study in StrategicRISK on managing cyber risk within the Group's enterprise risk framework. The full article here: https://lnkd.in/eF_pE89e

Thanks to Ryan Hewlett, The Insurer and EY for hosting CEO/Founder Ryan Dodd at the Monte Carlo #RVS Roundtable on "How the sector can embrace the embedded insurance opportunity". Much more to discuss in the upcoming year as #digitaltransformation continues to accelerate. https://lnkd.in/ezF3FwBz #cyber #cyberrisk #dataprivacy #cyberinsurance

In an 8-K filing last week, billion-dollar US-listed security provider ADT said that credentials were stolen from a third-party business partner that allowed threat actors to breach ADT's systems: https://lnkd.in/eS_NNwzw According to Cisco Talos Intelligence Group, the top means of gaining initial access to networks in Q423' was a tie between the use of compromised credentials on valid accounts (credential theft) and exploiting public-facing web applications. 36% of malicious tooling was also focused on accessing and collecting credentials. We have talked about these issues of supply chain risk and security controls: https://lnkd.in/eGUhchFG And we'll have more to say on the topic later this week in our next research note. cc Debbie Harrington Joshua Cryer DIP CII