Effective Cyber Incident Management Strategies for Supply Chain Resilience

The proliferation of digital systems helps businesses increase productivity, boost communication and foster innovation. Companies are becoming more interconnected and reliant on interdependent technologies. However, as with any new technology, the associated digital supply chains come with their own set of risks and challenges, increasing the attack surface for cyber threats that malicious actors seek to exploit. In recent months and years, we’ve seen numerous examples and an increasing frequency of supply chain incidents.

Some recent European Marsh client scenarios

Third-party data breach

A company relied on a third-party provider for hosting B2C services, including the storage of personal customer data. A breach at the third-party software provider led to the exposure of customers’ personal data sets. The company had to comply with legal obligations, notify and communicate with affected customers, and work with the provider to contain the incident.

Ransomware attack on a cloud-service provider

Another company contracted with an external provider to host its critical enterprise resource planning (ERP) system. When the provider suffered a ransomware attack, cybercriminals encrypted its systems. This led to an outage of the company’s ERP system, causing significant business interruptions. The resulting order processing and inventory management delays ultimately had a negative impact on production schedules and customer satisfaction.

Managing your risk

The key to digital supply chain resilience is understanding the entire risk ecosystem. This means identifying and assessing potential risks from all sources, including third-party technology service providers, software, hardware, platforms, data stores, and business partners such as customers and suppliers.

Risk management is crucial to this process. That’s why the European Union’s Digital Agenda, particularly the Network and Information Systems Directive, introduces significant regulatory considerations for businesses regarding supply-chain security. This directive emphasises the need for organisations to assess and manage risks not only within their own operations but also throughout their supply chains. Companies are required to implement robust security measures, conduct regular risk assessments, and ensure that their suppliers and partners adhere to similar standards.

Cyber-incident response planning is also critical for achieving overall cyber resilience. In the context of the digital supply chain, best practices are similar to those in “traditional” information-security-incident response. These include detecting, analysing and containing incidents as quickly as possible to minimise their impact on the business. However, digital supply chain incidents can be particularly difficult to detect, analyse, and contain and may have different timeframes compared to traditional incidents. It’s important to develop an incident response (IR) plan that specifically addresses them.

Make sure you’re prepared

To effectively plan for digital supply chain incidents, companies should consider the following actions in addition to general best practices:

1. Develop a comprehensive IR plan that specifically addresses digital supply chain incidents. Your plan should include detailed incident-response procedures and escalation processes.
2. Conduct regular testing and simulation exercises, including supply-chain-incident scenarios, to ensure your IR plan is effective and up to date. Practice these scenarios with key suppliers and partners to keep all external stakeholders informed and trained for such situations.
3. Include incident-reporting clauses in contractual agreements with relevant business partners (suppliers, customers, service providers).

Five tips for handling supply chain risk

Below are five of the most important actions you can take to ensure your business is resilient against supply chain risk:

1. Conduct thorough due diligence when selecting third-party technology service providers, including managed service providers (MSPs), to ensure they have robust security measures in place.
2. Implement strong access controls and data encryption to protect sensitive data stored in your digital supply chain.
3. Regularly assess and update your risk-management strategy to address emerging threats and vulnerabilities.
4. Establish clear contractual obligations with your business partners, including customers and suppliers, to ensure they’re also implementing effective security measures.
5. Implement a comprehensive cybersecurity training program for all employees to increase awareness and reduce the risk of human error, and work with your business partners to do the same.