PlumBot: Bot: Creating new article from JSON

2026-03-10T05:14:35Z

Bot: Creating new article from JSON

New page

🔗 '''Supply chain attack''' is a [[Definition:Cyber risk | cyber risk]] event in which a threat actor compromises a software vendor, service provider, or other upstream supplier in order to infiltrate the systems of that supplier's downstream customers — a scenario that has become a central concern for [[Definition:Cyber insurance | cyber insurance]] underwriters. Unlike a direct breach targeting a single organization, a supply chain attack exploits the trust relationships inherent in modern technology ecosystems, enabling a single point of compromise to cascade across thousands of organizations simultaneously. The SolarWinds and Kaseya incidents are landmark examples that exposed the [[Definition:Aggregation risk | aggregation risk]] this attack vector poses to insurance portfolios.

⚙️ From an insurance perspective, the mechanics of a supply chain attack create a correlated loss event: because many policyholders share the same compromised vendor, a single attack can trigger [[Definition:Claim | claims]] across a carrier's entire [[Definition:Book of business | book of business]] at once. [[Definition:Underwriter | Underwriters]] evaluating this exposure typically assess a prospective insured's [[Definition:Vendor management | vendor management]] practices, software inventory, and reliance on [[Definition:Single point of failure | single points of failure]]. [[Definition:Policy language | Policy language]] has also evolved, with some carriers introducing [[Definition:Exclusion | exclusions]] or [[Definition:Sublimit | sublimits]] for systemic or infrastructure-level cyber events, while others develop specialized [[Definition:Endorsement | endorsements]] that explicitly address contingent business interruption arising from a supplier's breach. [[Definition:Catastrophe modeling | Catastrophe modeling]] firms such as CyberCube and Moody's RMS now build supply chain attack scenarios into their [[Definition:Probable maximum loss (PML) | probable maximum loss]] estimates to help [[Definition:Reinsurance | reinsurers]] and primary carriers quantify tail risk.

💡 The insurance industry's response to supply chain attacks reflects a broader reckoning with [[Definition:Systemic risk | systemic cyber risk]] — the possibility that a single event could generate losses rivaling a natural catastrophe. [[Definition:Reinsurer | Reinsurers]] have pushed for clearer [[Definition:Contract wording | contract wording]] distinguishing between targeted attacks and widespread systemic events, and [[Definition:Regulatory body | regulators]] are beginning to scrutinize how carriers model and reserve for correlated cyber losses. For [[Definition:Insurtech | insurtech]] companies offering real-time risk monitoring, supply chain visibility tools that map an insured's technology dependencies represent a significant value-add, allowing both the carrier and the policyholder to identify exposure before an attack materializes. As software ecosystems grow more interconnected, the ability to price and manage supply chain attack risk will remain one of the defining challenges in the [[Definition:Cyber insurance | cyber insurance]] market.

'''Related concepts'''
{{Div col|colwidth=20em}}
* [[Definition:Cyber insurance]]
* [[Definition:Aggregation risk]]
* [[Definition:Systemic risk]]
* [[Definition:Contingent business interruption insurance]]
* [[Definition:Catastrophe modeling]]
* [[Definition:Vendor management]]
{{Div col end}}

Definition:Supply chain attack - Revision history

PlumBot: Bot: Creating new article from JSON