The COVID-19 vaccine program is well underway, enabling many nations to start their recovery plans. However, it has not been without problems and challenges, and it feels like there is still a way to go before widespread and worldwide vaccination is complete. The vaccines themselves, developed at incredible speed, and are now in production with a view to meeting vaccination targets being set by affected nations.
The impact and spread of COVID-19 is well known, with most of 2020 being focused on the tracing and treatment of those testing positive for the virus. 2020 was also a time for creating a solid and reliable testing regime, and creating new lifestyle habits under a variety of lockdown guidelines, both aimed at mitigating the risks and spread of COVID-19. At the same time, pharmaceutical companies and scientists raced to develop and distribute successful vaccines.
Even though vaccines have since been developed and gone into production, the task ahead remains challenging as nations work through phases of their vaccination programs. New variants of the virus continue to pose a threat, so nations must stay alert and flexible with regards to economic recovery plans.
For the insurance sector, among many things, the vaccination program brought the distribution of pharmaceuticals into focus. This is very clearly a matter of life and death. The pharmaceutical supply chain must be robust, secure and reliable, with errors remaining minimal and logistics rock solid. Problems should and must be quickly identified and resolved with speed and efficiency. The COVID-19 vaccines, like many pharmaceuticals, require very specific storage conditions. While the media focused on the pharmaceutical companies and regional governments as they orchestrated the vaccine roll out, many supply chain companies in the middle continue to face pressure to deliver their logistics services. Expectations are high and they carry significant business risks from failure.
There are many considerations in forecasting and insuring the various risks associated with pharmaceutical production and distribution. Modern day pharmaceutical logistics place a heavy reliance on data and technology. In addition, the storage and transportation of COVID-19 vaccines (and other life-changing drug therapies) requires accurately controlled environments, many of which are now controlled with a high dependence on technology. More specifically, the movement of pharmaceutical products increasingly relies on technology deployed in temperature control systems. The pharmaceutical industry faces threats across the distribution and logistics networks, many of which are costly, including cybersecurity threats, counterfeiting, cargo theft and temperature excursions. According to industry studies, the biopharma industry loses more than $35 billion annually due to failures in temperature-controlled logistics. Pharmaceutical Commerce estimates that by 2022, 30 of the top 50 global pharmaceutical products will require cold chain handling.
Systems controlling temperature are vulnerable to a cyber event, directly or as a consequence of another part of the business being impacted by an event. We have seen the consequential impacts of cyber events on distribution efficiency. This creates a complicated and risky intersection between technology risk, cybersecurity and transportation risk.
As technology is integral to most elements of the supply chain, including most end-to-end processes, it is an ongoing “risk” that is being continuously monitored to reduce any control issues. If we look back to the months preceding the U.S. vaccine roll out, we recall instances of vaccine appointments being cancelled due to a “glitch” in the delivery process. The reasons have not always been clear, with many left wondering if the vaccines had not arrived or if supplies were not available.
Supply chain interruptions can be costly, with significant financial implications – not only is the value of the product in transit at risk, but also the business model of the supply chain company. Companies are expected to deliver, with a level of transparency that is unprecedented.
At both a corporate and personal level we expect to know not only when our shipments will arrive, but the conditions and status of the shipments along the way. Failing at this point in the process could result in supply chain interruption and the consequential losses that result. Business relationships are at risk when things don’t go as planned.
The companies in the middle of the supply chain have a lot at stake. While the pharmaceutical companies take on the burden of developing and producing the vaccines, the distribution and logistics companies assume the risks associated with getting those products to the market. If things go wrong during that distribution, tension will exist between the logistics company and the people at either end of the chain – the pharmaceutical company and the product recipients. The supply chain is exposed to loss in a physical sense, as well as revenue loss and business income loss resulting from a failure to deliver as promised.
Margins in the transportation industry are tight, so any loss event affecting the company’s ability to deliver can put a financial strain on the business model and cash flow. Risk mitigation in the form of both cyber and cargo insurance products form a key element to financial performance and balance sheet protection for the transportation sector. It will also enable them to quickly make things right for their customer. But such insurance products and the claim process associated with such products needs to work quickly and efficiently to ensure that the distribution company’s cash flow is not significantly disrupted.
As the reliance on technology in the supply chain increases, the risks change, and so too does the data available throughout the supply chain, creating opportunity.
Up to now, cyber risk has focused predominantly on the financial impact of cyber events, mainly those associated with privacy issues attached to personal information often obtained during cyber attacks. The intersection of technology-based logistics and storage, along with technology use in the distribution, more clearly connects the dots between cybersecurity and personal health. In fact, in September 2020, the death of a patient in a German hospital was linked directly to a cyber event.
The pharmaceutical and insurance industries have seen and are measuring the impact of cybersecurity events and their influence on the ability to manage distribution channels. The disruption to finely tuned, technology-based distribution logistics can quickly lead to an inability to serve customers and meet sales demands. This converts very quickly to a loss of revenue, and the potential for significant increases in operating expenses.
To measure the loss, an understanding of the impact of a cyber event on all elements of the distribution process is key, including understanding the financial impact. It’s easy to look at hypotheticals and think, “our systems are secure, that wouldn’t happen to us,” but the hypotheticals being discussed and used are things that have happened to others, often in a work place that believed their systems were bulletproof.
In June 2017, a Malware event named “NotPetya” hit the world. This infection was geography and industry agnostic and caused disruptions for companies in a variety of industries including law firms, accountants, manufacturers, logistic companies and building contractors. This was the first time where a systematic incident had wiped out large operations linking to some of the largest logistics companies in the world, such as FedEx, TNT and Maersk. While they were able to recover from the incident, many business operations were forced to work in a manual mode while the digital infrastructure was being reconstructed. If an event of this nature was to occur during the rollout of COVID-19 vaccines, there could be even greater loss due to the integrity of large cold storage shipments.
In addition to an increased awareness of the impact of cybersecurity on the supply chain, insurers are looking at alternative damages resolution options. Many of these focus on the post-loss claims process. Often, claims can take time; more time than the policyholder expects. This has cash flow implications and other operational impacts. To help expedite cash availability in the claims process, parametric triggers are being discussed and implemented more frequently. With the increased levels of data presented by the use of technology, information is now more readily available against which parametric triggers can be established.
The supply chain is a trust relationship that exists between the corporations’ systems and applications. It is not beyond the realm of possibility that this trust is impacted by a cyber event leading to a delay in information sharing. A lack of willingness to share information following an event can have an impact on each party’s desire and ability to investigate the event and understand what happened.
Let’s return to our discussion of temperature-controlled storage and COVID-19 vaccines. In a hypothetical loss event, data that demonstrates the temperature wasn’t maintained at the right levels due to a cybersecurity breach or other event should provide investigating insurers with sufficient information to link this to a parametric trigger. Connecting the dots with data, a parametric trigger does not negate the need to understand what happened or prevent a recurrence, but it does at least get the company more quickly back on track, addressing the insured financial loss resulting from the storage failure.
When margins are tight, the ability to seek financial recovery through an insurance program can be key to helping rectify the physical and financial loss for the customer, and to limit contract loss or further financial impact.
The pharmaceutical industry is already focusing on the challenges of a modernized supply chain. The data and technology in play brings major benefits, but it also, because of the speed of change, can leave supply chain logistics companies at risk. Positioned in the middle of a supply chain and tasked with bringing product to market effectively, safely, efficiently, and without loss, a strong cybersecurity stance together with smart risk management insurance programs are key.
Logistics and difficulties of the COVID-19 vaccine distribution have presented important lessons for the supply chain of the future. Modernized logistics monitoring and the data available in the supply chain presents opportunity for improved risk management. But the reliance on technology and the resulting cyber security risks all intersect to create new risks. Businesses need risk management products to react and respond effectively and with speed to allow them to return to normal as quickly as possible. And with data, technology innovation and claims management innovation, those such products and solutions are becoming more and more available.
Connect with our forensic accounting and technology specialists to learn more.