Whether Swissport, Oiltanking Germany or Ferag: companies in the logistics sector have recently been repeatedly exposed to cyberattacks. Hackers prefer to target supply chains. But who is responsible for the damage caused by this? And what role does special cyber insurance play in this? LOGISTIK HEUTE asked Ole Sieverding, CEO of CyberDirekt. CyberDirekt has specialized in cyber insurance and, in addition to prevention services, offers a comparative calculator of cyber policies from 15 insurance companies.
LOGISTIK HEUTE: When do companies in the logistics sector need cyber insurance?
Ole Sieverding: Cyber insurance is like a car insurance policy. It provides immediate help in a crisis, only it involves hacking attacks on businesses instead of flat tires on the highway.
In addition to immediate help in the crisis situation, the insurance covers costs incurred later, such as crisis management, IT forensics, data and system recovery and legal advice in case of data leaks, but also possible business interruption and liability claims. A set of services is put together that supports the insured company in handling the specific situation professionally and covers the costs incurred. Cyber insurance is thus a highly experienced outsourced IT crisis department that can be quickly and pragmatically reached in an emergency.
In logistics, cyber insurance can play an important role in any comprehensive IT security strategy as soon as your own business model depends on a working IT system.
Which points in supply chains are currently at particular risk of becoming victims of a cyber attack?
The dominant type of damage in cyber insurance today is ransomware damage. These are IT system compromises where data and systems are specifically encrypted and therefore locked down by attackers. The result is a complete failure of IT systems and an operational standstill, often lasting for weeks. This quickly becomes very expensive and jeopardizes liquidity, especially for smaller companies or providers.
The two main attack vectors in so-called ransomware attacks are, firstly, phishing emails to employees through which login details are obtained to gain legitimate access to systems. Second, there are direct interventions in the network through insecure remote access options, such as open ports in the firewall or software vulnerabilities in the applications used.
What makes good cyber insurance?
Where it says cyber insurance, there can be very different things because it’s not a regulated line. Therefore, it is worthwhile to obtain specific advice and evaluation from an insurance broker who specializes in the subject.
In addition to the nasty pitfalls in insurance terms, claims experience and processes are especially important to cyber insurers due to the nature of the cover letter. It is important, for example, which IT service provider is behind the crisis hotline.
Other important factors are the risk issues and the minimum IT requirements that must be met in order to purchase insurance coverage and not have surprises in the event of a loss. For the most part, these are things that make sense for your own resiliency and for hardening IT security, regardless of whether you purchase cyber insurance. Therefore, it is definitely worth taking a closer look at the individual requirements that cyber insurance companies impose on your own company.
What role does the use of IT forensic scientists play in this?
Similar to obtaining evidence at a crime scene, IT forensic scientists are used to clarify the course of events and obtain evidence that will stand up in court. This is usually done with specialized analysis software and hard disk copies.
In the immediate crisis following a cyber attack, access to and support from experienced crisis managers and IT experts is the deciding factor. They make it possible to control the situation as quickly as possible in order to establish an emergency operation. Only in this way is it possible to approach the reconstruction of the systems in a structured way and return to normal operation. In practice, unfortunately, this is often much more complex and time-consuming than previously thought.
Has the threat situation increased as a result of the Ukraine crisis?
In any case, another threat has emerged, even if this potential political threat has mercifully remained abstract in Germany until now, with a few exceptions (Enercon and Rosneft Germany wind turbines).
IT security is not a state, but rather a process that management must constantly address and constantly improve. Attackers are becoming more professional by the day, and companies need to at least keep up. Cyber insurance can be a useful additional line of defense here.