A new report authored by Acrisure’s James Morgan has highlighted the rising threat of cyber-attacks on key third-party vendors and their potential to trigger widespread operational disruption and financial losses across multiple businesses.

The new report is centred around the recent cyberattack on Collins Aerospace, a major aviation technology provider owned by RTX Corporation.

For those unaware, the firm suffered a cyberattack on the 19th of September that disrupted its MUSE system, which is a widely used airport platform that supports passenger check-in, baggage processing, and boarding operations at dozens of major international airports.

The European Union Agency for Cybersecurity (ENISA) has since confirmed that ransomware was used to scramble critical systems, leading to severe operational disruption.

The disruption impacted major airports including Brussels, London Heathrow, Berlin Brandenburg, and Dublin.

“The Collins Aerospace cyberattack is not a one-off. We’ve seen similar recent events involving other critical vendors, including the July 2024 CrowdStrike outage, which crippled IT systems across major corporations and governments globally, and the Kaseya ransomware attack in 2021, which affected thousands of downstream clients via managed service providers,” James Morgan, Senior Vice President at Acrisure London Wholesale, explained.

He continued, “These incidents reflect a growing trend, showing that third-party cyber risks are among the most significant threats to operational resilience.”

According to Morgan, the Collins Aerospace attack evidences that even if systems are secure, businesses are still vulnerable to a supplier’s weaknesses.

He concluded, “In today’s hyper-connected economy, organisations rely on a complex web of third-party vendors, from cloud services and software providers to logistics partners and payment processors.

“As cyberattacks grow more frequent, sophisticated, and targeted, businesses must go beyond technical defences and strengthen their risk transfer strategies, particularly around third-party exposure.

“The Collins Aerospace incident is a powerful reminder that cyber risk isn’t just about stolen data; it’s an operational, financial, and reputational threat. When a critical vendor goes down, the ripple effects can be immediate and severe.

“From aviation to healthcare, utilities to financial institutions, every sector is now deeply reliant on digital service providers. And when they fail, your business can suffer the consequences even if your own systems remain secure.

“It’s not just about covering data breaches; it’s about protecting your ability to operate, serve customers, and recover quickly when things go wrong.”

The post Third-party cyber risks among most significant threats to operational resilience: Acrisure appeared first on ReinsuranceNe.ws.