Introduction

Banks and financial institutions have drastically changed over the last decade, utilising technology in innovative ways to ensure that they remain competitive and drive efficiencies.  Unsurprisingly, this has provided cyber criminals with new opportunities for cyber espionage and a gateway to extract extremely sensitive data. This is evidenced by a reported 80% increase in cyber-attacks over the past year (FCA, 2018).

As a result, government agencies and regulators have good reason to encourage banks and financial institutions to focus on and invest heavily in cyber security. With the continuing escalation of cyber attacks such as ransomware, data breaches, denial of service and phishing attacks, it is essential that risk mitigation and response is handled as a top priority.

Specific Concerns and Risks

Many banks and financial institutions integrate third party services from other vendors with specialist knowledge, particularly as the industry digitizes. This amplifies the cyber risk exposure, increasing the institution’s vulnerability if the third-party vendor does not have the correct security measures in place. This can lead to the loss of customer data, loss of customer funds, regulatory fines and significant reputational damage.

Banks and financial institutions hold a plethora of sensitive data, that if tampered with can be difficult to detect and can cause financial institutions to incur millions of dollars in damage. Whether an insider employee seeking revenge against an institution, or a hacker looking to impact the reputation of the firm, banks have seen a trend in malicious attacks seeking to cause havoc rather than extract data.  The result of such an attack includes significant legal fees and regulatory fines, as well as business interruption, reputational damage and restoration costs.

Within financial institutions, the transfer of large sums of money is often commonplace. Social engineering attacks are therefore an attractive method for hackers looking for a large pay out. This results in the potential loss of millions of dollars, significant reputational damage and high litigation costs.

Hackers have found ways to impersonate banking websites URL’s to create websites that look and function in the same way as the origional. When users then try to log in, hackers steal their data enabling them to access the victim’s bank account. As a result, hackers can freely transfer large sums of money from the victims back account as well as access confidential data. When dealing with liability, the bank may have to pay extreme litigation costs, even if they do not end up reimbursing the customer.

Banks and financial institutions face stringent cyber regulations. With many banks operating internationally, executives are often faced with the daunting task of compliance. A comprehensive cyber policy will offer complimentary compliance assistance and advice.

Financial institutions face significant threat from insider tampering and employee negligence. Whether this be a disgruntled employee seeking revenge, or a simple mistake, this type of error can go undetected for a long time, causing serious damage and loss of funds.

Types of Cyber Claims

In 2017, seven of the UK’s biggest banks were forced to reduce their operations and shut down entire systems following a cyber attack that was deployed by a technology which could be rented for as little as £11. The criminals launched a distributed denial of service attack (DDoS), that flooded and disabled computer systems with high volumes of internet traffic. Although the banks refused to comment, it is likely that the DDoS technology encrypted confidential information, and demanded large sums in bitcoin to decrypt it.

In June 2018, two large Canadian banks were attacked by hackers who stole the data of nearly 90,000 customers, including social insurance numbers and dates of birth.  The hackers then threatened to release the information if their million-dollar ransom demand wasn’t met. A cyber policy could have covered all the first- and third-party losses as well as include complimentary incident response services to pay the ransom.

In 2016 a large Bank in the UK was hacked by cyber thieves who extracted £2.5m from 90,000 people. The bank suffered significant reputational damage which resulted in a decline of the share price. Additionally, the bank had to remunerate affected clients and suspend online debit transactions. A cyber policy would have covered all the business interruption costs as well as offer PR advice to minimise the reputational damage.

Statistics

  • Financial services firms fall victim to cyber security attacks 300 times more frequently than businesses in other industries (Forbes, 2018).
  • A typical American financial services firm is attacked a staggering 1 billion times a year (Forbes, 2018).
  • Banks lost $16.8 billion to cyber criminals in 2017 (Forbes, 2018).
  • Nearly two-thirds (60%) of financial services companies’ total security costs is spent on containment and detection of cyber breaches (Information Age, 2018)
  • Business interruption and information loss accounts for 87% of the costs to respond to cyber-crime incidents (Cambridge, 2018).

Insurance Solutions

When it comes to cyber security, there is no ‘one-size-fits-all’ approach, especially within the financial sector where business priorities are constantly shifting, and exponential technology forces are changing how many organisations approach the management of cyber risks. Banks must therefore ensure that they have a comprehensive cyber insurance policy, covering both first- and third-party losses.

With hackers constantly developing their methods of cyber-attack, it is also essential that insurance packages include access to an expert incident response team such as Cyber Scout who will ensure that the breach is dealt with efficiently and effectively. Safeonline are experts in Cyber Insurance and can offer the most comprehensive coverage that is tailored to your business needs.

For more information, please get in touch with the team at cyber@safeonline.com