Cyber Risks, Cyber Insurance And Banks

Cyber risk and cyber insurance are byproducts of advancement in technology and digital banking. In recent times, dependency on technology has gone up and as a result data and information have become the most valuable assets. Unscrupulous persons and organizations have developed various methods for data manipulation which can then be utilised nefarious purposes for generating wealth, of course in a wrong way.  The attempts to steal data leads to cyber-attacks making cyber risk the most critical concern for businesses.   A survey conducted among 12,500 executives by the World Economic Forum 2018 identified cyber risk as the most critical risk of doing business in the modern era. As technology advances, the threat will also increase making organisations to spend more and more for cyber security. Meanwhile, cyber insurance has also evolved as a risk sharing mechanism for organisations. 

Cyber insurance, cyber-attack,  Cyber risk, technology boom, digital banking, SWIFT, GDPR, privacy, analytics, artificial intelligence, manipulation, data , information, asset

Why are Banks prone to cyber-attacks?  Why they prefer cyber insurance? 

Banks and Financial institutions are custodians of public money and hence they become easy prey for cyber-attacks.  Cyber-attack surface has expanded beyond imagination in recent past due to increased use of technologies like machine learning, artificial intelligence, robotics, analytics, improved digital banking channels, penetration of convenient products like payment cards, ATM cards etc for increasing operational efficiency and reducing cost impact. Customer expectations are increasing exponentially compelling banks to upgrade their products and processes on continuous basis to remain relevant, sometimes even at the cost of security.  As a result, sufficient space for cyber-attack is being created. Customer expectation makes banks to invest heavily in technology and cyber risk prevention.

General Data Protection Regulation (GDPR) introduced by European Union envisages huge penalties for breach of privacy. GDPR makes organizations handling personal information of EU residents responsible and accountable for the privacy and security of such data. As a result, first party risk is emerging as the biggest challenge for banks and financial institutions pushing third party risks to back ground. Data maintained by banks are highly sensitive as far as privacy is concerned. Any leakage of data can even question the existence of such an institution. But, competition among banks compels them to leave loop holes for hackers to exploit. 

Banks and other organizations are continuously investing in processes and infrastructure to preempt cyber-attacks. But, new cyber-attacks varying in magnitude and methods are being reported on daily basis across the globe. Fraudsters are improving their techniques with focus on more and more organisations. Each organization is confronting the question when they will experience a major attack. 

What is cyber insurance? Why is it important? 

Cyber insurance is the best risk mitigation tool available for organizations to minimize the impact of cyber-attacks. It is an insurance product that is designed to enable corporates to transfer losses that may arise from cyber-attacks. Initially, it was offered as a cover to organizations against hacking. Now cyber insurance extends coverage for business interruption, extortion, financial fraud, legal liability and system failure arising from cyber-attack.

For banks and financial institutions, the losses of cyber-attacks can be extremely high as they are custodians of the money of public. In the case of a branch robbery of a bank, the loss that can arise is nominal. Unlike robbery of a branch, the loss that can materialize from cyber-attack is extremely high.  Operations and data base of banks are now centralized. When the central data base is attacked that can turn out to be an event capable of making the bank bankrupt. The estimated loss that arose from the cyber-attack ( SWIFT based attack) on Bangladesh Central bank a few years back is USD 81 million. Many similar incidents of high gravity are reported from various parts of the globe.  The magnitude of loss compels banks to opt for high cyber insurance coverage. As the number of small incidents is on increasing trend, to exclude them from the purview of cyber insurance, insurers insist high excess (deduction) for cyber insurance policies.   
 

Leave a Reply

Your email address will not be published. Required fields are marked *