
PRESS RELEASE: KYND supports financial services sector to navigate cyber risk management as DORA comes into force
Understand, manage and take control of your organisation’s cyber risks simply, quickly and cost effectively.
Sell and renew more cyber insurance policies, and keep your clients happy with our tools and support.
Make better underwriting decisions by removing complexity and accessing instant insight into cyber risk exposure.
Get a clear, easy-to-understand view of cyber vulnerabilities and deliver real results for your clients.
Get a clear, easy-to-understand view of portfolio cyber risk vulnerabilities and minimise investment risk exposure.
By KYND
CrowdStrike has reported that the bug has been fixed, but that for many devices, it may take ‘some time’ to recover. Organisations, in general, should see this as a wake-up call to update and properly test their business continuity and disaster risk recovery plans. Too often, these plans exist in theory, but they have rarely or never been properly simulated. Even fewer will include a scenario where the entire organisation’s network was “bricked” and every device needed manual intervention to recover.
(Those with impacted devices should follow CrowdStrike’s advice.)
If there is one immediate takeaway from the CrowdStrike incident, it’s that vendor accumulation risk now needs to be taken very seriously by insurers and portfolio managers. Organisations like CrowdStrike have become so embedded in everyday business functions that their failures reverberate across the entire global economic system, affecting tens of millions of companies worldwide.
Accumulation risk can arise from several scenarios, including a single vendor being used by a significant proportion of a portfolio of organisations, having vendors concentrated in one geographic location, or experiencing fourth-party concentration, where third-party vendors themselves depend on a single organisation.
It’s also crucial to realise that not all vendors are equally critical, and distinguishing between them based on their importance to business operations is essential. A vendor failure that has the potential to cripple the operations of its customers deserves special attention.
Given this context, here are three points to consider:
On the morning of Friday 19th, as soon as we became aware of the CrowdStrike incident, we began to analyse the level of exposure to the incident within our underwriter and financial services client portfolios. By the end of day on the 19th, this critical information had been shared with all of our underwriter and portfolio management clients. We’ll continue to support them as they explore the more complex implications of the event.
Our insurer and financial services clients here at KYND are increasingly seeking support from us to better understand their portfolio exposure to various vendors and granular accumulation events, beyond the recent CrowdStrike incident. While such massive outages are rare, they are not unprecedented.
The global ripple effect from last week’s incident illustrates the extensive interconnectivity throughout the supply chain and the associated accumulation risk. To stay ahead of this, insurers and portfolio managers need reliable and accurate data to pinpoint concentration risk in their portfolio organisations' vendors, including cloud service providers, connected IT systems, and third-party relationships.
If you would like to learn more about how KYND’s industry-leading cyber risk analysis can help you understand your portfolio’s exposure to vendor-specific risks and support your future accumulation risk modelling needs, then get in touch with our experts today.
PRESS RELEASE: KYND supports financial services sector to navigate cyber risk management as DORA comes into force
Top 4 cybersecurity events of 2024 and what they mean for cyber insurance in 2025
PRESS RELEASE: KYND recognised as one of worlds’ leading ESGFinTech companies for financial services
Accreditation & Features