Vendor Risk Management: The Full Definition


Vendor risk management (VRM) is the practice of evaluating business partners, associates, or third-party vendors both before a business relationship is established and for the duration of your business contract. It is an important concept and practice to put in place during the evaluation of your vendors and throughout the procurement process.

A key feature of VRM is understanding your vendor’s cybersecurity program. This allows you to understand how well they’re going to be able to secure your data, both from a physical and cyber perspective.


VRM helps ensure that your vendors are contractually obligated to meet specific requirements and standards, thereby mitigating your organization’s risk.

There are a number of risks vendors can bring to your enterprise, including:

LEGAL RISK

There are many legal risks associated with sharing sensitive information with third parties. For instance, if your vendor is breached and you lose your customers’ personally identifiable information (PII) like social security numbers or health care records, the law clearly states that you are responsible—not your vendor. Or, if you fail to spell out security expectations in your vendor contract, you may have no legal recourse whatsoever if your vendor compromises your data.


REPUTATIONAL RISK

So much of vendor risk management is based on reputation. You are able to ask a lot of questions at the beginning of the vendor procurement process that may help you weed out the businesses you’d rather not work with, but you should also be monitoring news feeds during the procurement process. You would, of course, want to know if a business associate has been hit with a lawsuit during the time you were engaged with them, and how that could affect the performance of their contract with you. And don’t forget about the reputational harm that could affect your company if your customers’ sensitive information is stolen due to an insecure vendor.

FINANCIAL RISK

If a vendor has a poor financial record or past performance, you’ll want to know that information before engaging in a business relationship. That’s why a lot of companies do credit monitoring for their vendors. You’ll also likely want to ask other organizations who have previously done business with the third party in question for references. This way, you’ll be able to clearly evaluate the vendor’s project plan and all the different things they’re planning to do before entering into a contractual relationship.

CYBERRISK

Of the various risks a vendor poses, some only need periodic updates, and some are relevant only at certain points of a business relationship. If you’ve established a vendor’s creditworthiness at the beginning of the process, for example, you’ll likely feel quite comfortable about their financial standing during the rest of the process.


This is a good example of how some elements of vendor risk do not require continuous monitoring. Cyberrisk, however, is not quite as simple.

Cyberrisk is unique in that things can happen on a moment’s notice which could catastrophically damage your organization. You simply cannot rely on periodic or infrequent snapshots and assessments of your vendor’s health to understand cyberrisk. The thing that makes cybersecurity “special” is that it can pose financial, reputational, and legal risks.

It’s important to understand that cyberrisk management doesn’t end when your vendor signs a contract. Managing vendor cyberrisk requires persistent awareness of how the vendor is doing with your security expectations. You have to know at all times whether they are accessing your network in an unauthorized manner, or if your most important data could be jeopardized by their actions. Any slip-up or incident may have a catastrophic impact on your business (and lead to some pretty embarrassing headlines).

CONSIDER THIS

Some losses from “traditional risks” can be recouped easily and quickly. If a food and beverage vendor doesn’t show up one day to cater a meeting, you’re only dealing with a limited amount of loss. Or, if a vendor doesn’t complete a project to your expectations, there are reasonable steps you can take to remedy the situation without dramatically impacting the bottom line.

But if someone hacks into your corporate network through a vendor and steals your most precious data, the outcome could be catastrophic. Your reputation can be damaged irrevocably, financial losses can be huge, and legal liability may be hard to transfer to your vendor. This is why vendor risk management—and especially IT risk management—is not something to be taken lightly. All angles must be examined with every vendor, both large and small.

Supply Chain Disruption Hits 76% of Businesses a Year

Almost a quarter of businesses reported annual cumulative losses of at least $1.05 million (CAD $1.4 million) due to supply chain disruptions, and 76% of businesses reported at least one instance of supply chain disruption annually, according to a survey conducted by the Business Continuity Institute and Zurich. The top causes of supply chain failure among businesses surveyed were ones that will likely get even more frequent in the coming years: unplanned IT outages, cyberattacks, and adverse weather.

As the supply chain continues to grow ever longer, adding more potentially disruptive risks along the way, businesses are learning some painful lessons about the financial and reputational damages that can result from failures to ensure supply chain resilience.

Check out the infographic below for some of Zurich’s top insights on supply chain visibility, including the biggest sources of damage and key steps to mitigate losses:

[Infographic: Zurich supply chains]

3 Strategies to Protect Your Organization from Political Risk

From the Middle East to Eurasia to Eastern Europe, events and potential events that translate into political risk fill the news.

Political risk is instability that damages or threatens to damage an existing or potential asset, or that significantly disrupts a business operation. Examples include sustained political and labor unrest, terrorism and violent conflict. This risk is increasingly regional in nature, as the Arab Spring and the sudden spread of Islamic State control demonstrate.

According to the new Clements Worldwide Risk Index, political unrest is the number one concern among top global managers at multinational corporations and global aid and development organizations.

Risk managers in these organizations responded in the Worldwide Risk Index survey that political risk and instability—including cyber attacks—are real and growing. Twenty-eight percent of top managers surveyed stated political unrest was their top concern, while 25% cited kidnapping, and nearly 10% cited terrorism.

When it comes to terrorism, the Worldwide Risk Index results align with the data. The U.S. State Department’s Annual Country Report on Terrorism released recently indicates that the number of terrorist attacks worldwide in 2014 increased 35%, while total fatalities from terrorism activities grew by 81%, compared to 2013.

But as violence and unrest have increased, readiness for it trails far behind. Twenty-one percent of respondents admitted being “not prepared at all” for a terrorist attack, while 11% considered themselves “very prepared”; 17% said they were “very prepared” for the ramifications of a disease outbreak, while 10% said they were “not prepared at all” for that threat; and 21% said they were “not prepared at all” for a cyberattack.

Perhaps most troubling, these concerns and lack of preparedness are impacting business decisions. Twenty-one percent of Worldwide Risk Index respondents had delayed plans to expand into new countries due to rising international risks.

So what can executives do to bring their organizations’ preparedness in line with growing risks around the world?

First, they can invest more in risk management overall. This means emergency planning, training, security and other techniques to manage and reduce risk. An important element is also testing the plan, which typically highlights gaps. Forty-four percent of Worldwide Risk Index respondents increased spending on this activity. While not a majority, it is still a significant percentage of organizations investing more in basic risk management.

Next, corporate executives should consider retaining the services of the growing number of political risk, insurance and security consultancies that provide political intelligence. While the quality of these firms varies and they are not a substitute for direct experience, these companies provide useful insights into potential risks one might encounter, especially when starting operations in a new location. Risk managers can also personally monitor catalysts of political unrest, such as elections, which are often linked to demonstrations and disturbances in developing countries, particularly with the rise of social media. Elections and other catalysts have caused disruptions in surprising places around the globe, such as Thailand. Corporate executives, including risk managers, need to understand that no country is absolutely “safe” anymore.

Finally, organizations need to consider increasing their spending on international insurance. Fifty-seven percent of the respondents to the Worldwide Risk Index report doing just that. There are more options than ever before for political violence and risk, kidnap and ransom (K&R), evacuation and related policies. Organizations can work with individual carriers, or with brokers who can help tailor policies to specific risk profiles. The best organizations link their brokers or insurance carriers to their overall risk management strategy and ensure their plans include which broker to contact in case of which emergency, as it may differ for a medical versus a property event.

The global economy is more integrated than ever, with more markets opening every year. Yet global supply lines and other business operations and investments are more dependent on particular political factors than at any time in modern history. Political unrest, instability and even conflict are “normal” realities that drive business decisions in ever more areas of the world. This risk can be managed. To do it, executives need to get serious about bringing their risk management strategies into line with the new “facts on the ground.”

Cybersecurity, Product Recall and Drones Top List of Emerging Casualty Risks

The cybersecurity insurance industry is booming, with demand for this specialty coverage vastly outpacing any other emerging risk line, according to a new survey by London-based broker RKH Specialty. In fact, 70% of the insurance professionals surveyed listed cyber as the top casualty exposure.


The brokers, agents, insurers and risk managers RKH queried after April’s RIMS 2015 conference said their top casualty concerns after cyber are product recall and drones (11% each), with others including e-cigarettes, autonomous vehicles and telematics totaling only eight percent.

[Graph: RKH Specialty study results]

“Losses stemming from cyber-related attacks and business interruption can be catastrophic for individual businesses,” said Barnaby Rugge-Price, RKH Specialty’s CEO.

“Healthcare and retail have been the major buyers in the cyber space to date but we are seeing an increasing conversion rate across the whole of our portfolio. After a number of years of looking at the offering, clients are increasingly deciding to purchase the cover as the product has improved and the frequency of attacks has continued to increase. There has also been a heightened focus on the business interruption aspect, where cyber attacks can cause whole facilities to shut down. But whether cyber related or not, any interruption to the supply chain can cause a disproportionate loss. The survey highlights the importance of specialist insurance for a whole host of emerging risks.”

Turning specifically to property exposures, supply chain disruption was identified by 61% as the top risk, followed by flood (30%) and tornadoes (9%). The findings reflect a growing recognition of the potential exposures that longer and more complex supply chains introduce, the firm said.

The brokerage also asked insurance professionals what they think clients are, and will be, most concerned about when evaluating a broker’s service, and in turn what brokers will need to focus on to stay competitive. Their predictions are shown below:

[Graph: RKH Specialty broker service predictions]