Cyber insurance: A must for banks and financial services
7
MINS READ
SERVICES
Cyber Security
Data and Cybersecurity to Fight off Cyberattacks
Industry
Insurance
Reinventing the Insurance Industry with a Digital-first Strategy
Highlights
With rising cyber risk, there is greater emphasis on strengthening cyber resilience among banking and financial services institutions.
Financial institutions have wide operating canvasses across multiple business lines and need a comprehensive cyber insurance strategy for managing cyberattacks and business disruption.
Designing a foolproof cyber insurance strategy requires financial services firms to focus on multiple dimensions.
In this article
Abstract
Cyber compromises continue to rise globally, adversely impacting banking and financial services (BFS) institutions.
Cyber compromises are not only resulting in huge legal penalties for financial enterprises but also derailing their efforts to recover and rebound from the COVID-19 pandemic. There is great emphasis on strengthening cyber resilience among banks and financial institutions.
From an organizational standpoint, cyber resilience has heavily focused on infrastructure and monitoring enablement. These traditional fortification mechanisms, however, are unable to provide the necessary cover to business lines with wide and varied operating canvasses, which makes them prone to breaches.
Despite cybersecurity measures in place, this gap highlights the need for provisioning cyber insurance for the various business lines in both banks and firms across the financial services ecosystem, such as mortgage and settlement providers.
Read further to understand the need for banks and financial institutions to have a comprehensive cyber insurance strategy for managing cyberattacks. This will ensure business continuity and operational resilience.
Cyber insurance: An imperative for the finance industry
Banks and financial services firms have wide operating canvasses ranging from retail and corporate banking to mortgage and settlement services and forex and insurance services.
The value chain almost always comprises multiple vendors, applications, and heterogeneous environments for providing a range of customer services. In this scenario, to minimize cyber exposure and maintain a pre-incident state, cyber insurance must cover expenses from the time of the incident to the full recovery of the business. This exercise must be carried out by the chief information officer (CIO) or the chief risk officer (CRO). While there are some products in the market, most CIOs and CROs see deficiencies in their construct. Thus arises the need to understand the multiple business dimensions that warrant attention in arriving at a workable and feasible cyber insurance strategy from the CIO or CRO perspective.
For any line of business, the major components of cyber insurance range from maintaining core backend processing systems to real-time settlement systems and customer-connect systems. The infrastructure and applications that enable the ecosystem also constitute the consideration envelope.
The key tenets of a cyber insurance strategy
Several major components, each with its own unique business proposition and flavor, form a part of the cyber insurance requirements.
- Strengthen core processing: Treasury services process large volumes of data, including customer, banks’ internal, counterparty datasets, and business-generated metadata. Keeping this activity off cyberattacks is a key business requirement.
- Fortify real-time settlement systems: Despite provisioning for fallback mechanisms in business processes and infrastructure availability to achieve operational resilience during cyberattacks, real-time settlement systems attract legal penalties.
- Minimize downtime on customer services: With last-mile connectivity (in both web- and mobile-based services) being heterogenous, cyber breaches also carry the risk of bringing malware into internal systems. Most often, the risk exposure is not easily determined.
- Access opportunity loss: Calculating the opportunity loss due to cyber exposure is not an easy task. While the exposure and its fallout comprise the downtime, the line of business and its level of monitoring and maintenance activities will determine the exposure.
- Account for compliance-driven legal liabilities: In the highly regulated banking and financial services domain, service disruption due to cyber breaches could become a nightmare for CIOs or CROs. These incidents result in identity theft and unauthorized transactions leading to fraud.
A sound cyber insurance plan will fuel operational resilience
Banks and financial services firms must consider the dimensions discussed in drafting their cyber insurance policy and align with strategies to provide the desired operational resilience during a cyber breach.
The CIO or CRO community will be armed to work out a flexible and unique insurance cover if this exercise is done for each line of business with its own typical ecosystem of operation. When the ask from the CIO or CRO matches the insurance designed by the insurance provider, which can be aided by data analytics and artificial intelligence-powered systems, cyber risk management and operational resilience will be a greater reality. The exercise will provide security for the end-users, transparency and compliance for regulators, and a cyber-resilient market space for all stakeholders.