As risk managers continue to address and mitigate the cyber security risks facing their organizations, they may be overlooking a critical threat: the impact of technology failures on supply chains and general operations, Marsh said in a new research briefing.
Such outages and failures have the potential to cause significant loss of income, increase operating expenses, and damage an organization’s reputation and need to be properly managed, according to the latest Marsh Risk Management Research briefing, Cyber Risks Extend Beyond Data and Privacy Exposures.
If unplanned, information technology (IT) outages are the most debilitating source of supply chain disruption, affecting 52% of the companies responding to the Business Continuity Institute’s Supply Chain Resilience 2012 report. In fact, IT outages outpaced all other sources of supply chain disruption, including severe weather events, transportation disruptions, and product contamination.
“Although data privacy is a critical risk in today’s technological business environment, the impact of technology failures on supply chains and general operations is a potentially more severe threat that many businesses may be overlooking,” said Bob Parisi, Network Security and Privacy Practice
Leader for Marsh.
Managing the threat of an IT outage or software failure is essential and should be addressed in a well-planned and effective risk management program. In its report, Marsh suggests the following steps to prepare for an IT disruption and to mitigate potential business impact Determine the criticality of various IT systems to ongoing operations and whether alternatives are available or enhanced protection is possible.
- Determine the criticality of various IT systems to ongoing operations and whether alternatives are available or enhanced protection is possible.
- Develop and test business continuity and crisis management plans that specifically address IT outages.
- Evaluate claims preparation and management plans.
“While cyber insurance can offer financial protection in the event of an IT outage, it alone is not an alternative to solid risk management,” Parisi said. “With effective planning inside a comprehensive risk management program, businesses can better prepare for IT outages and minimize their impact on business operations, revenues, and reputations."