Why Multi-Party Cyber Incident Losses are Greater than Single Breach Incidents?

Cyber incidents are not new – we know that. Even since the internet came into existence, cyber incidents followed. However, with every new breakthrough, cyber incidents keep becoming stronger and more damaging.

Earlier, we experienced a single-party incident that used to impact a single entity or organization. These were pretty serious too. The damage done in terms of money and reputation was also huge.

However, now we are experiencing multi-party cyber incidents. the cyber incident statistics show that these are more serious and damaging than the previous category. This means that the cyber incident impacts multiple organizations, wherein one central victim is the target and everyone below the chain (third-party connections) is impacted.

We know which type of incident is more disrupting. Let’s discuss the impact of multi-party incidents in detail.

The Difference in Multi-Party Cyber Incidents and Single Breach Incidents

In reality, third-party cyber incidents or breaches are not new to us. These incidents are consistently increasing for a decade. For instance, Verizon’s data incident in 2008 influenced various third parties to a great extent.

Various third-parties of victim organizations are frequently caught in the wave and lose a lot in the process. In fact, it is believed that a large segment of multi-party data breaches occurs to exploit remote access offered by third-parties. As a result, when a cyber-attack is planned on a large organization, all its 3^rd, 4^th, and nth party organizations come under the attack.

This indicates that the vendors of an organization also experience a cyber-attack. This ripple event creates a huge loss in the entire ecosystem because various connected organizations lose a considerable amount of money.

Contrary to this, single-party breaches impact a single organization. All the third-parties and nth parties connected are not stretched into this incident. Hence, noticeably the loss of multi-party cyber incidents is naturally more than the single-party cyber incident.

The Impact of Multi-Party Cyber Incidents

Although we have already discussed the risk of ripple incidents to the industry and ecosystem, we have not yet addressed the magnitude of these losses. Let’s analyze how multi-party incidents impact each stakeholder involved.
One thing is clear that the frequency and loss incurred through multi-party incidents are much more than single-party incidents.
Let’s understand this with an example: If we draw a lognormal distribution of multi-party cyber incidents, you will find a lot of concentration in the middle and less on the sides. So, more loss is achieved by the organization that is experiencing the attack and it reduces on the sides for 3^rd, 4^th, and nth parties.

Now, if you find the median, you will find the midpoint of this distribution. The actual loss to the victim, 3^rd party, 4^th party, etc. is observed in a range. (For instance, USD 1,000 to USD 10,000 million).
With the understanding of this ripple event, you may think of the following:

• How these incidents are different from single-party incidents?
• What is the relative influence on the 3^rd, 4^th parties when compared to the victim?

The median of both single-party and multi-party incidents’ severity level would turn out to be extremely different. In fact, the downstream losses may not differ by the same factor, however, the difference is still noticeable. This means that in multiple-party incidents, even downstream organizations also incur huge (not minor) losses.

To address our second doubt, 3^rd parties and 4^th parties can experience equally damaging losses by a ripple incident. If we were to compare a ripple loss to a third-party and a single-party incident to the same third-party, the loss is equally and sometimes, even worse in multi-party breaches. So, being a third-party organization, you can incur a similar type of reputational and money impact on your system with a ripple breach as from the breach that is conducted on your system.

This indicates that firms of all sizes and types should keep track of associated risks and possibilities of cyber-attacks on their organization.

Industries Affected by Multi-Party Breaches

Here’s a list of sectors and industries that are commonly a victim of multi-party incidents:

• Information sector
• Public sector
• Business support
• Retail
• Transportation
• Healthcare
• Educational
• Management
• Trade

Financial Loss of Single and Multi-Party Cyber Incidents

In recent research, it was revealed that the loss incurred by a multi-party breach could be 13 times bigger than a loss of a single-party breach. This means that if a single-party breach is incurring a loss of USD 16 million, a multi-party breach can incur approximately USD 417 million.

Multi-Party Cyber Incident Response Plan Step-by-step:

Having understood all of the above crucial factors, you may be wondering about the recommendations that can help you mitigate these risks. Below we have discussed some of the factors and recommendations that can be used for mitigating multi-party breaches:

1. The first step to risk management is understanding your asset. Understand your relationship with each partner and provider and evaluate the risk associated with each.
2. Keep a check on your outsourcing relationship data with the same frequency as your internal data. In ripple incidents, these downstream firms experience the attack with the same frequency as it was an attack on their own system. So, keeping an additional check on this data won’t harm.
3. Always partner with third-parties that exhibit a high standard of security and performance. When you hold your third-party accountable for these activities, you can reduce the vulnerability of their systems.
4. In digital supply chains and other sectors that are closely interconnected to your organization, keep a close check on the third-party integrations. You need to invest in partners who invest in security and performance.
5. If you have a third-party that is working on behalf of your company, then extra measures should be taken for security. This should not come by making policy or holding third-party accountable. While that is important, you should also hold yourself accountable for this activity.

Conclusion:

It is necessary to understand that third-party outsourcing is not bad. It is beneficial to the most extent. You just need to keep a closer eye on your third-party connections to secure your data and integrity in case of a ripple incident on you or the third-party.