Protecting Your Business by Strengthening Your Supply Chain: Insights from an Insurer
Explore how safeguarding your supply chain can protect your business, with valuable insights provided by an insurer.
Introduction
A prominent insurance company operating in the European Union with over 2,500 agents and 1,300 brokers, providing services for nearly 100 years. This award-winning insurer has a workforce of over 2,000 employees and offers various insurance products, such as motor, health, property, and travel insurance. However, the company faced challenges in managing the ongoing phishing problem.
The insurer faced supply chain risks because of inadequate cybersecurity measures among its partners. While the company maintained robust security protocols internally thanks to Keepnet, ensuring consistent security standards across the entire supply chain and protecting them against phishing was challenging.
Additionally, the company had difficulties managing human risk across the supply chain. They provided security awareness training for their own staff, and they were successful on that, but they were uncertain how to train and educate personnel within their supply chain who handled sensitive data, leaving this insurer susceptible to risks.
Furthermore, the company’s supply chain lacked an incident response and recovery mechanism, making the insurer vulnerable to financial and reputational damage from potential phishing attacks due to the network.
Successful Outcomes
- Implementing stronger security measures has resulted in a reduction of supply chain risks by 89.23% (reducing the vulnerability from 65% to 6% in six months).
- $1.6m potential loss saved annually.
- Employees were 94% better at recognizing fake emails in the first 6 months.
- Phishing incident response time has been reduced from 480 minutes to 2 minutes, resulting in a 240x faster and 99.3% more effective handling.
Understanding the Risks of Supply Chain Attacks
Hackers are taking advantage of the most important factor in the supply chain and vendor relationships: trust. As a result, supply chain phishing has been on the rise, with a significant increase of 24%, causing damages amounting to over $2 billion annually.
If proper preventative measures were not implemented, the insurance company could face a range of challenges that may significantly impact their business, including:
- A supply chain attack can result in significant financial loss, potentially costing the insurer millions of dollars in lost revenue and legal fees.
- If customer data is compromised, it could damage the insurer’s reputation and lead to a loss of customer trust.
- Failing to comply with legal and regulatory requirements could result in fines, lawsuits, and other legal troubles.
- A successful supply chain attack could disrupt the insurer’s operations, leading to downtime and lost productivity.
- The loss of competitive advantage resulting from a compromised supply chain could harm the insurer’s long-term success.
“Keepnet has been instrumental in helping us protect our supply-chain from the increasing risk of phishing attacks. Their platform has not only saved us time and money but has also helped us maintain compliance and protect our reputation. With their support, we've reduced our response time to phishing incidents from 8 hours to 2 minutes, and identified a phishing scam with a 94% success rate in just six months across our supply chain.”
CISO, Insurance CompanyAverage Cost of Breach
Average Cost of Phishing Incident Response
How Keepnet Labs Helped:
- Searched for leaked passwords, emails, and other sensitive data to determine if employees and the supply chain have been compromised.
- Installed AI-powered phishing reporting add-in to provide detection and response capabilities to the supply chain and protect against potential attacks.
- Identified risky behaviors within their organization and supply chain, including those who fell for phishing scams and ignored reporting incidents.
- Implemented a comprehensive employee training program that incorporated elements from behavioral science, such as reinforcements, nudges, and gratitude exercises, to promote secure behavior.
- Tested employee compliance with security policies and procedures and improved behaviors through security training.
- Tested existing email security tools (SEGs) to identify vulnerabilities and guided insurer on how to fix the issues in the supply chain.
- Updated threat-sharing policies to include indicators such as attacker profiles, phone numbers, and tactics, and helped the insurer share this intelligence data with its supply chain, local authorities, and financial organizations for proactive prevention.
Operational Results
- The insurance company addressed human risk management and the lack of detection and response capabilities in its supply chain.
- Within six months, their staff members identified a phishing scam with a 94% success rate during phishing campaigns.
- The average time to respond to a phishing incident decreased from 8 hours to 2 minutes.
- The team is receiving fewer cases and has been able to boost their business productivity.
Strategic Results
- The company has estimated cost savings of $1.6m annually.
- Implementing robust security measures led to a significant 89.23% reduction in supply chain risks.
- The improved incident response measures provide continued and deep-rooted protection across the supply chain and the company's internal mechanisms.
- Employees in the supply chain now report phishing attacks, allowing the company to detect and respond to attacks and prevent other partners from being impacted.
Take Action Now
Are you ready to safeguard your business against supply chain risks and phishing scams? Start your free trial today and see how we can help you protect your organization and ensure the safety of your valuable data. Ready to protect your employees from phishing threats and strengthen your organization's security?
