Information Risk Insights Study: IRIS TSUNAMI

October 20, 2021
White Papers

After major multi-party cyber incidents, it’s time to implement better cyber security and risk management strategies.

In almost every way imaginable, we live in a hyperconnected world. This connectivity has brought many benefits to modern business models, but it has also introduced myriad challenges and risks. Cyber security and risk management are constant concerns. If you take the time to deconstruct even the simplest of business transactions, you’ll find in the mix a surprising number of parties from technical components supporting the transaction to the completed delivery of products to the customer. But what happens to all these parties when something goes wrong?

That is ultimately the question the new IRIS Tsunami seeks to explore. Created by the Cyentia Institute, sponsored in part by Interos, this report identified 50 of the largest multi-party cyber incidents over the past several years in an effort to understand their causes and consequences from beginning to end. This way, future cyber security and risk management efforts can succeed where past ones failed.

If you are familiar with Cyentia’s other research in the Information Risk Insights Study (IRIS) series, Tsunami draws from the same rigorous methodology. Cyentia started with a huge dataset of cyber loss events, identified those that involved multiple organizations, and then researched each event to understand who was behind it, what happened, how the after effects propagated through the supply chain, and the financial losses for all parties involved.

Key learnings of the report

By reading the report, you’ll discover an array of critical cyber security and risk management data that you can use to strengthen your decision-making, including:

  • How a “multi-party cyber incident” is defined, including what it takes for one to qualify as a “tsunami.”
  • A breakdown of how these incidents occurred, including an exploration of what data was compromised, what threats emerged, and how bad actors gained access in the first place.
  • How ripple effects propagate and ultimately harm far more organizations than just the ones initially impacted.
  • The kinds of threat actors that are having the biggest impact, and the sectors most likely to be initially impacted by “tsunami” incidents.
  • How cutting-edge AI and machine learning are essential in addressing risks to your extended supply chain in real-time.

Fill out the form to access the full report. Then learn more about how to prepare yourself for future cyber security and risk management challenges by visiting

View next

Ensure Operational Resilience

Request Contact

Build operational resiliency into your extended supply chain:

  • 889 compliance – ensure market access
  • Data sharing with 3rd parties and beyond – protect reputation
  • Concentration risk – ensure business continuity
  • Cyber breaches – assess potential exposure
  • Unethical labor – avoid reputational harm
  • On-boarding and monitoring suppliers – save time and money