As Desjardins deals with the fallout of a massive data breach and intensified scrutiny from privacy regulators, the rest of Canada’s financial institutions (FIs) should be warned – the cyber risk looming over them is very real.
Beazley’s breach response team has been collecting data on the FI space for many years, and their experts have noticed that malware, cyber hacks, and social engineering have increased across the board for financial institutions.
“Hacks and malware accounted for 47% of breaches for financial institutions in 2018,” said Priya Vansh (pictured), Beazley’s management liability underwriter and FI lead in Canada, adding, “It hits an institution, it’s an immediate headline in the newspapers or social media, and that type of publicity resulting from some sort of breach can lead to a massive reputational risk that a financial institution then has to manage through – and those costs can be expensive.”
Part of the reason for financial institutions’ cyber exposure has been the emergence of fintech, which has changed the way organizations are doing business.
“That’s shifted the traditional banking environment – it’s shifted how everyday investments for everyday clients are being transacted,” said Vansh. “With the emergence of technology, the speed at which deals are going through are faster than ever before. If you look at PE firms or traditional advisory-type services, technology has helped them to seek their clients, to close deals, and to provide advisory services in non-traditional ways. With that comes the shift in the risk exposure [to] cyber breaches, cyber losses, and fraudulent instruction.”
To help in the cyber battle, Beazley recently launched a suite of products designed to protect Canadian financial institutions from evolving risks in the business and regulatory environment. The solution includes policies for cyber, professional liability, D&O for senior staff, and crime.
Today, the theft of money or securities that’s addressed by crime coverage encompasses more than the dollars sitting in a bank account.
“The definition of securities in and of itself has evolved, where it’s not necessarily the dollar that we’re holding – it could be bitcoin or any type of digital currency, which is something that institutions have to learn, and have to be able to educate their clients on and get comfortable with,” explained Vansh.
Event-driven litigation involving FIs has also been on the rise. Executives at all firms are more aware now than they have been in the past that any type of incident occurring within their organization can have an immediate and detrimental effect on their brand, according to the Beazley expert.
“If you think about the fraudulent instruction losses, cyber losses, poor investment advisory services, and even moving to employment practice-type claims, including diversity and inclusion, all the way to MeToo allegations, those are all representative of what financial institutions are facing,” she said. “By virtue of them being more out there with the media, financial institutions become a natural target for any type of fraudulent instruction loss or cyber hack.”
To manage the exposure to these new threats, tailored insurance solutions that cover off multiple policies potentially impacted by one event are crucial.
“Financial institutions can be more proactive in handling cyberattacks and be more aware of where they are exposed from a technology perspective,” said Vansh. “Beazley has been able to provide them an opportunity to look at their insurance as a wholesome package where they can naturally marry the D&O, the E&O, the cyber, the crime, and the EPLI, because an incident in any one of those areas could impact three or four policies at once.
“The banking industry in Canada is quite strong and we’re still being exposed, whether it’s a small investment advisory shop or the large banks. These are things they’re seeing daily and the insurance policies do need to respond.”