Dive Brief:
- Cyberattacks on the software supply chain are raising the threat of reputational damage and lost trust, according to a Moody's cyber risk outlook report. Companies may start to search for rival providers that are perceived as safer alternatives.
- The continued rise of ransomware attacks against companies may force changes in cyber insurance policies and coverage, with insurers raising premiums and modifying coverage to make sure companies take preventative measures.
- Moody's warned that corporate boards are becoming more sensitized to cybersecurity risks and governance policies are shifting as personal liability of directors becomes a bigger risk.
Dive Insight:
The 2021 outlook warns that the threat of supply chain attacks may lead companies to carefully review any software security vendors that have access to their internal IT systems, as a precaution against future attacks of this kind.
"Issuers will likely implement more stringent vetting of vendors that have access to their computer networks in light of the rising number of cyber supply chain attacks," Leroy Terrelonge, assistant vice president at Moody's, said via email.
In a December 2020 cyber risk survey, 80% of respondents indicated that bringing in a vendor with access to a company network required a review from a company's cybersecurity team, he said. About 73% of respondents said these vendors were subject to periodic review, according to the report.
Moody's cited data from Bitdefender showing a 715% rise in cyber incidents during the first half of 2020, compared with the year before. Data from cyber insurance provider Coalition showed ransom demands on its policyholders rose 100% from 2019 through the first quarter of 2020, and 50% from the first to the second quarter of 2020, according to Moody's.
Only 41% of respondents said that vendors were required to carry cyber insurance, according to Moody's.
"We expect these percentages to rise as issuers work to mitigate the risks of cyber supply chain attacks," he said.
Cyber insurers are more frequently adjusting policies to limit claims by companies that don't follow strong cyber hygiene guidelines.
Other potential impacts on corporations involve the increased involvement of boards of directors in monitoring cybersecurity and the growing risk of personal liability for individual directors.
"Cyber is an enterprise-wide risk that falls under the responsibility of the board of directors, trustees or other executives," Terrelonge said. "There are many cyber risk management practices these executives can implement that serve to reduce or mitigate their exposure to cyber risks."
The report noted that Yahoo and Equifax were forced to pay millions of dollars to settle legal claims related to data breaches attributed to the actions of board members and other top executives. A number of prior legal actions against top executives and corporate boards had fallen short; these recent cases, however, have raised the risk that boards face for inaction.