How TMT companies can manage cyber, business interruption and infrastructure risks

What happened?

Cyber, business interruption and critical infrastructure are all top threats facing the Technology, Media and Telecommunications (TMT) sector.

New analysis from AGCS examined 5,000 insurance industry claims worth €1.2bn. This was used to evaluate the key risks facing companies.

 

Critical infrastructure was found to be a significant danger to the sector, as it is increasingly a target for criminals. For example, physical attacks on the US power grid rose by over 70% last year.

Jody Yee, Global Industry Solutions Director for TMT at AGCS, said: “At the same time, the widespread roll-out of new technologies means there is now an increased reliance on cloud providers and other intermediaries. These are all part of our new interconnected world and depend upon critical infrastructure.”

When it came to claims patterns, natural disasters, fire, and crime (including vandalism and political violence) are the top contributors to TMT losses according to AGCS analysis.

”The widespread roll-out of new technologies means there is now an increased reliance on cloud providers and other intermediaries.”

Natural catastrophes remain a major concern for companies in this sector, even for those whose main assets are in the cloud, accounting for 67% of the value of claims analysed.

Wilful acts/crime – ranging from the theft of high-value telecommunications equipment to hacking incidents – is the third top cause of loss by value, as well as the most frequent cause of claims.

Recent years have also seen companies file claims for damages to property and infrastructure, including fires, resulting from riot, looting and civil commotion activity in the wake of protests such as those surrounding the murder of George Floyd by the police in the US in 2020.

Business interruption is the main cost driver in over 50% of cyber claims globally, the AGCS analysis found.

What does this mean for risk managers?

If a cloud provider goes down, the knock-on effects on an organisation and its supply chain can be considerable.

Yee said: “The failure of automated systems that rely on shared data could result in lost orders, non-delivery of goods and services and delays to back-office functions.”

Equally, many companies are in coastal cities or campuses so if they are hit by a hurricane, tornado or earthquake both material property damage and additional losses from flooding can be significant.

Ensuring adequate cyber protection can prove to be an extremely challenging task and requires deep expertise and an individualised approach.

“There is a large risk of service interruption and data loss following a disruptive attack such as in a ransomware or wiperware incident”

Yee said: “Companies hold large amounts of personal information which is a prime target for cyber criminals and can be either sold on the dark web or used for fraud or to extort the victim for ransom.

”In addition, there is a large risk of service interruption and data loss following a disruptive attack such as in a ransomware or wiperware incident.”

Cyber protection should include regular backups, segmentation of data, the right end-point detection and multi-factor authentication. All organizations should also ensure compliance with the legislation and regulations that govern their activities in all jurisdictions they operate in.

How can risk managers tackle the threats?

What the top risks for the TMT sector reveal is the extent to which risks can be interrelated and aggregated in the networked world we live and work in.

Yee explains: “Businesses can never be fully prepared for everything, but continuous monitoring of geopolitical issues, proper risk analysis and consulting with experts, both locally and globally, when possible, is a good start.

“Faced with loss scenarios that can fall like dominoes, businesses need robust, resilient operational processes to safeguard operations, supply chains and ensure business continuity.”