It’s time to change the playbook: Prepare for uncorrelated surprises
Investors came into 2022 feeling good, with a three-year average annual return for the S&P 500 of 24%. In March, things changed. The Federal Reserve raised interest rates, signaling it was time to switch to bonds. The playbook said bonds were the much safer play.
Then Russia invaded Ukraine. Commodity prices, especially energy and food, spiked. Supply chains broke. The E.U. faced a winter without enough energy to heat homes or power businesses. The British Pound collapsed like an emerging market currency. The Nord Stream undersea gas pipelines were sabotaged.
Investors were thwarted by a series of unforeseen, uncorrelated events.?
Cybersecurity pros know the feeling. Remember in 2013 when Target was hacked via a third party with access to their systems? Hackers went after the less secure HVAC company that serviced Target stores to gain access to key Target business systems. The data breach ultimately cost Target between $162MM and $300MM.?
The cyber playbook at the time was about protecting critical assets from attacks. The focus was on data centers, firewalls, and segmentation for critical assets. This defensive posture was supported by improving detection and response to the most critical threats as quickly as possible. Nowhere in the playbook did it talk about obscure third-party HVAC vendors.?
Since then, third-party attacks have significantly increased in prominence. GE, Boeing, Tesla, Volkswagen, Expedia, Marriott, Instagram, YouTube, and TikTok have all experienced these the last few years.