Protecting Supply Chain: Insurer's Success
Discover how a leading EU insurance company protected its supply chain from phishing threats. By reducing supply chain risks by over 90% and saving $1.1 million annually, they improved phishing detection and response times across their network, ensuring compliance and protecting their reputation.
Introduction
A prominent EU insurance company, with over 2,500 agents and 1,300 brokers, has served clients for nearly 100 years. Despite robust internal security protocols, it faced challenges managing phishing risks due to inadequate cybersecurity among partners.
Ensuring consistent security across the supply chain was difficult, and managing human risk was problematic, as they struggled to train employees of partners handling sensitive data. Additionally, the supply chain lacked an incident response mechanism, leaving the insurer vulnerable to financial and reputational damage from phishing attacks.
Successful Outcomes
Reduction of supply chain risks by 90.77% (reducing the vulnerability from 65% to 6% in six months).
$1,125,484 potential loss saved annually.
Employees were 94% better at recognizing fake emails in the first 6 months.
Understanding the Risks of Supply Chain Attacks
Trust in the supply chain and vendor relationships is being exploited by hackers, leading to a 24% rise in supply chain phishing, causing over $2 billion in annual damages. Without proper preventative measures, the insurance company could face significant business challenges, including:
A supply chain attack can result in significant financial loss, potentially costing the insurer millions of dollars in lost revenue and legal fees.
If customer data is compromised, it could damage the insurer’s reputation and lead to a loss of customer trust.
Failing to comply with legal and regulatory requirements could result in fines, lawsuits, and other legal troubles.
A successful supply chain attack could disrupt the insurer’s operations, leading to downtime and lost productivity.
The loss of competitive advantage resulting from a compromised supply chain could harm the insurer’s long-term success.
Potential Loss Prevented
Average reported loss per person | $502 |
Supply chain recognizing and reporting phishing | 35% to 94% in 12 months |
The potential loss prevented annually is $1,125,484 | |
Average Cost Savings from Phishing Incident Response
The average time to respond to a phishing incident | 8 hours to 2 minutes |
The average cost of one staff member | $60 per hour |
The cost of a single phishing incident was reduced | from $480 to $2 |
The total estimated cost savings are $764,800 annually (reducing the cost from $768,000 to $3,200). | |
How the Insurer Strengthened Their Supply Chain Security:
Searched for leaked passwords, emails, and other sensitive data to determine if employees and the supply chain had been compromised.
Installed a phishing reporting add-in to provide detection and response capabilities across the supply chain, protecting against potential attacks.
Identified risky behaviors within their organization and supply chain, including those who fell for phishing scams and ignored reporting incidents.
Implemented a training program incorporating behavioral science elements to promote secure behavior, including reinforcements, nudges, and gratitude exercises.
Tested employee compliance with security policies and procedures, improving behaviors through security training.
Tested existing email security tools (SEGs) to identify vulnerabilities and guided the insurer on fixing supply chain issues.
Updated threat-sharing policies to include indicators such as attacker profiles, phone numbers, and tactics, helping the insurer share intelligence data with its supply chain, local authorities, and financial organizations for proactive prevention.
Operational Results
Addressed human risk management and detection/response gaps in supply chain.
Achieved 94% phishing scam identification success rate in 12 months.
Reduced average phishing incident response time from 8 hours to 2 minutes.
Fewer cases reported, boosting business productivity.
Strategic Results
An annual $1,125,484 potential loss was prevented.
Achieved a 90.77% reduction in supply chain risks.
Enhanced incident response measures ensure deep-rooted protection.
Supply chain employees now report phishing attacks, improving detection and response.
“Keepnet has been instrumental in helping us protect our supply-chain from the increasing risk of phishing attacks. Their platform has not only saved us time and money but has also helped us maintain compliance and protect our reputation. With their support, we've reduced our response time to phishing incidents from 8 hours to 2 minutes, and identified a phishing scam with a 94% success rate in just six months across our supply chain.”