Cyber Liabilities in the Financial Sector

February 24, 2020

Across industries, cyber crimes are on the rise. As businesses shift to digital systems for managing data, personnel, and customer records, cybercriminals have increasingly targeted these systems. The financial sector was especially hard-hit in 2019, with numerous highly-publicized data breaches and cyberattacks well in excess of any other industry. U.S. Risk Underwriters, a specialty provider of risk management solutions for various industries, believes that financial institutions need to understand cyber liabilities to better protect their assets and their customers’ sensitive data from loss. By understanding the risks, financial firms can implement the risk management solutions needed to reduce exposure to cyber threats.

Cyber Attacks on Banking Institutions

Attacks by cybercriminals on the financial sector have increased in recent years, and have accounted for billions of dollars in losses. This sector was the target of over 25% of all malware attacks in 2019, well above percentages in any other industry. Attacks have ranged from relatively small to those that have national or even international ramifications. Two attacks on a smaller bank in Virginia in 2016 and 2017 netted criminals over $2 million alone; criminals were able to gain access to customers’ debit card numbers, allowing them to make unauthorized ATM withdrawals across the United States.

Money is not the only target of criminals – consumer data is often just as lucrative. Financial institutions such as JPMorgan, Heartland Payment, and credit monitoring giant Equifax were all targeted by cyber criminals within the past decade, resulting in the theft of hundreds of millions of customer records. Industry analysts have calculated the per-record cost of losses at $336; when millions of records are stolen in a cyber breach, the numbers add up quickly. In addition to the records themselves, totaling billions of dollars in losses, companies victim to cyber criminality must often pay for forensic investigations, consumer credit monitoring, and regulatory penalties, costing millions of dollars more each year.

Common attacks against financial institutions include:

• Malware/Trojans: Illicit programs or code inserted into banking computer systems, including mobile banking apps and ATMs.
• Distributed Denial of Service (DDoS): Flooding banking systems with fake requests, in effect making the whole system come to a grinding halt and interrupting business continuity.
• Ransomware: Attackers hold data hostage with release contingent upon payment of a ransom fee.
• SMS verification code intercepts: Criminals gain access to customer accounts by intercepting the verification codes sent by text during mobile banking operations.
• Social engineering hacks: Criminals posing as fellow employees convince banking officials and clerks to reveal system passwords, allowing these criminals to gain access to internal computer systems.
• Card skimmers: Devices used to steal customer data from magnetic strips on ATM cards.

Fighting Cyber Criminality in the Financial Sector

The foundation of any risk management strategy in the business world is liability insurance. Financial institutions are no exception; they rely on general and professional liability insurance to cover against many risks. Cyber liability insurance is a more recent development, with hundreds of insurers and brokers, including U.S. Risk Underwriters, offering this unique form of insurance protection. Cyber liability insurance covers losses associated with data breaches or monetary theft resulting from cyber criminality, and the recovery efforts needed to protect consumer data. These policies typically also include coverage for business interruption.

Financial institutions like banks and investment firms need to implement other risk management strategies in the face of cyber threats. These strategies can include:

• Routine monitoring of computer systems for unauthorized access.
• Updating hardware and software to the latest security standards.
• Implementing multi-factor authentication protocols for mobile banking apps and online banking services.
• Adding new technologies, such as chip cards and dynamic customer verification, to thwart criminals.
• Training employees on safe computing practices, including avoiding falling for phishing or social engineering hacks.

With a proactive approach to security, and with the protection of cyber liability insurance solutions by U.S. Risk Underwriters and other insurance firms, financial institutions can work to prevent expensive losses related to computer crimes. The annual savings alone make it worthwhile to pursue cyber security in the financial sector – companies may save millions or even billions of dollars while maintaining consumer trust in these important financial institutions. ◼