Today the European Central Bank suffered a hacking attack, which according to press reports seems to have wormed its way in via a newsletter, produced/distributed via a third party company.
The ECB can easily afford a fine under the EU’s GDPR rules of course, they can simply create more magic money. But insurance companies aren’t so lucky and the data breach, along with cases such as British Airways and Marriott Hotels earlier this year, all demonstrate how essential it is for insurers to keep tabs on their data, as well as their third party suppliers, vendors, FNOL, claims adjustors, technical advice specialists, legal partners and so on.
Commenting on the ECB data breach Tom Draper, Technology & Cyber Practice Leader at Gallagher, said:
“From publicly available information the cyber-attack on the ECB appears to have been caused by a breach of a vendor’s server. Similar to the Capital One breach earlier this summer, this further demonstrates the exposures associated with third parties outside of a company’s security team.”