Supply Chain Attacks on the Rise – How Can Brokers Help?

Written by Nicole Panteloukos



In an increasingly digital age, increased connectivity between organizations and the consolidation of management solutions has created the perfect storm for cyber attacks on the supply chain.

These security incidents occur when cybercriminals infiltrate a company by targeting less secure elements within its supply chain, often exploiting vulnerabilities in third-party vendors, suppliers, or service providers who have access to the company’s network or data. Not only are these attacks increasing in frequency, but they are also increasing in cost.

By 2025, 45% of organizations are expected to experience attacks on their software supply chains. Additionally, a report by Cybersecurity Ventures stated that the global cost of software supply chain attacks could reach nearly $138 billion, with damage costs expected to increase by 15% annually.

Last month, CDK Global, a US-based software company that provides sales and service management software, was hit by a series of cyberattacks, disrupting a number of car dealerships that use its platform. Despite these incidents, there are no confirmed reports of CDK paying any ransom demands, although the BlackSuit cybercriminal group has demanded millions of dollars from CDK to return its data.

According to Kirsten Mickelson, head of the cybersecurity practice group at Gallagher Bassett, car dealerships are an attractive target because of the massive amounts of sensitive customer data they hold, such as financial history, credit applications and Social Security numbers.

Since CDK’s services are used by about 15,000 agencies across the U.S. and Canada, the widespread adoption of this centralized management solution means that breaches of this type tend to have a cascading effect. “Supply chain attacks are the way that hackers get the most bang for their buck,” said Mickelson. “You attack the vendor, but then there’s a cascading effect, and in the case of CDK, that would impact thousands of customers.”

What is fueling the cyber insurance gap?

“Cyber insurance is an investment, not an expense,” said Mickelson, who suggested that the rise in supply chain attacks may be due to a lack of cyber insurance among small and medium-sized businesses.

“We are handling approximately 200 of these claims from downstream agents who were impacted by CDK attacks,” she added.

“Among non-tech customers, especially SMBs, they tend to think, ‘Oh, we’re small, we’re not a target, so why would a threat actor want to attack us?’” Mickelson shared.

A Sophos Cyber Insurance and Cyber Defenses Survey 2024 found that “awareness of business impact” was the most common reason for purchasing cyber protection policies. However, with research indicating that 90% of cyber risks remain uninsured, it’s clear that many businesses don’t understand the true costs involved.

Chester Wisniewski, global director and technical director at Sophos, agrees. “Clients may estimate that a one-day office shutdown could cost us $250,000. So a $500,000 policy may seem reasonable to them. But they often don’t realize how quickly costs can escalate into the millions of dollars once outside experts and potential ransom negotiators need to be involved.”

How can intermediaries bridge the cyber education gap?

With average ransom payments reaching $2 million, brokers can add significant value to clients by helping them understand the realistic costs of data breaches.

In addition to providing accurate estimates of policy limits, brokers can encourage clients to adopt sound cybersecurity measures through the following strategies:

  • Staff training and awareness: Emphasize the importance of ongoing cybersecurity training and awareness programs so that all employees can identify and respond to potential threats.
  • Implement multi-factor authentication (MFA): Call for MFA across all systems and platforms to add an extra layer of protection beyond passwords.
  • Patch management: Emphasize the importance of a strict patch management policy that addresses known vulnerabilities promptly and ensures critical updates are applied as soon as they become available, before they can be exploited.
  • Endpoint Detection and Response (EDR): Highlight the need for EDR solutions that monitor endpoints, detect threats and enable a rapid response, to limit the damage of a potential cyber attack.
  • Incident response preparedness: Assist clients in developing and testing incident response plans so that they can respond quickly and effectively when a cybersecurity incident occurs.

In addition to the lack of insurance, the Sophos survey highlights a significant lack of understanding among customers regarding cybersecurity policies. In fact, 40% of respondents whose organizations have a cyber insurance policy were unsure whether or not it covered ransom payments.

Brokers can also play an important role in helping clients understand the nuances of their cyber policies — what is covered and what is not — in the event of an attack, Mickelson stressed.

“There’s an interesting distinction we’ve seen in the market. Is the cyber insurance policy going to pay the ransom on behalf of the policyholder, or is the cyber insurance policy going to reimburse the policyholder for paying the ransom? While that’s a good point, in practice it makes a big difference. If the ransom is millions of dollars, and you’re a relatively small to medium-sized organization, you may not have that cash flow on hand to afford that,” Mickelson said.
