Cybersecurity remains on the forefront of daily news highlights worldwide with several of those uncovering several notable breaches, including one of the largest known-to-date. Spanning a period of four years, the theft of sensitive customer information from Marriott International’s Starwood guest database remained undetected, affecting as many as 500 million people.
One of Asia’s top airlines, Cathay Pacific Airways is facing a compliance investigation by the Hong Kong privacy commissioner after failing to report stolen passenger information until seven months after the breach occurred. These prominent data hacks underline the necessity of ensuring corporate diligence regarding the prioritization of cyber risk mitigation efforts, particularly during the busy festive travel season.
Events such as product recall, cyber and business interruption are symptoms of ever- increasing connected business relationships.
A product recall is potentially the most risk-laden situation a company can face. And whether a manufacturer, retailer or wholesaler, this risk is increasing, as supply chains grow more complex and the regulatory landscape becomes more robust. Meanwhile, cyber incidents were ranked as the most feared business interruption trigger in the Allianz Risk Barometer Report, more so than fire and explosions, natural catastrophes or the failure of a supplier.
According to Allianz, this finding represents a significant shift in the perception of business interruption risk and reflects the escalation in cyber incidents over the past 2 years. In 2018, for example, a ransomware attack on a shipping line sent ripples across global supply chains. Resilience360 recorded a total of 65 cyber attacks that directly impacted supply chain assets, with November experiencing the highest number of incidents at 20. Out of the incidents reported throughout the year, ten involved manufacturing actors, six affected airports or airlines, five occurred at couriers or postal services, five at ports or shipping companies and two applied to railway-related firms.
There has been a sharp increase in incidents affecting manufacturing operations and infrastructure such as court actions against former employees accused of leaking data on manufacturing operating systems or email phishing campaigns whose objectives are to access commercially sensitive information. Other reported cases involved lapses in cyber security that left information or even physical assets open to exploitation.