As a financial institutions (FI) underwriter with Travelers Europe, Sangeetha Mani (pictured) can attest that it is what makes working with financial institutions so fascinating that also intensifies the key challenges that they face. Working with these companies offers a dynamic experience, she said, and her responsibilities are a world away from the repetitive, boring tasks that she was warned can accompany a role in underwriting risk.
“I chose to work with financial institutions, because not every financial institution is the same and there are so many variations and compositions across this space,” she said. “Every risk I look at today as an underwriter is different to the ones I will look at tomorrow, and I enjoy that I get to learn something new every day. Of course, the best part of my job is working and socialising with the other underwriters and our broker partners. These are the little bits that bring life into the insurance profession.”
The variety that exists within financial institutions means that the challenges facing them are similarly wide-ranging, but a consistent concern being felt by many of these businesses is that of cyber risk. Cyber security concerns are especially relevant to these businesses due to the number and variety of external clients that they deal with. Whether taking the example of banks or insurance companies, Mani said, the confidential and highly sensitive data that these organisations hold about their customers and third-party partners is a pressing concern.
Casting an eye over some of the key cyber exposures they face, she highlighted ransomware, as well as how business email compromises can lead to data breaches. Meanwhile, distributed denial of service (DDoS) attacks can block financial institutions’ servers, bringing the business to a standstill. Other areas of exposure including phishing attacks, while cyber extortion is being heralded as the “new ransomware”.
“These are a few of their key exposures,” she said, “and I think financial institutions are more exposed than other companies because they don’t only have to protect their clients, themselves, their revenue, and their capital but they’re also exposed in other ways because they tend to rely on a lot of third-party providers… So, they are very vulnerable at the moment.”
The cyber risk challenges facing these companies are unfolding against the dual trials of a stringent regulatory framework and the serious implications of any reputational harm that comes from such an incident. And then, to cap this off, she said, there is the impact of the COVID crisis which has highlighted, and in many cases exacerbated, the cyber risk facing financial institutions.
“Recent research from the cybersecurity company VMware Carbon Black said that financial institutions had a 38% uptick in cyberattacks since February last year, after COVID,” she said. “It was 2% in 2017, so that’s a 238% uptick since then, which is pretty scary. And I think that this comes down to the fact that these cyber ‘bad actors’ have a wider target to aim at now that more people are working from home.”
Collaboration across Travelers is the solution to addressing such risks, Mani said, and in her own role she has seen firsthand how the FI team and the cyber team work in close collaboration to support clients who are seeking cyber cover. When financial institutions come looking for cyber coverage, the teams work to compile a product package relevant to that client. While the FI product addresses key protections such as professional negligence, D&O and fraud events, the cyber product offers liability cover, some regulatory proceedings, breach response, plus a variety of business loss covers, from business interruption to reputational harm.
“Every financial institution is designed in a very unique and separate way,” she said, “and we have a clear viewpoint of their different requirements and understand the complexity of their needs. So, for banks – if it’s a digitised bank that we’re dealing with then we look to concentrate more on factors like cyber extortion, computer fraud, etc. And then if it’s an asset manager, we would have an understanding of their specific requirements and where their key exposures lie.”
Mani’s key message to financial institutions is simple – buy standalone cyber insurance cover. In the FI space, she said, the team has seen cyber creep into the product across the market despite all the corrective actions being undertaken to pinpoint cyber insurance as a separate product. When cyber is embedded as part of another policy wording, it becomes challenging to understand what is or isn’t covered, which is why a separate cyber product is essential.
“In an ideal world, I would want cyber risk to be completely separated from the FI product but that’s not happening yet,” she said. “And that seems to be how the insureds are thinking at the moment that ‘oh, it’s all covered under the FI policy,’ but it’s not explicitly covered. And especially now, due to COVID where we have seen both the frequency and severity of cyberattacks on financial institutions increase, it’s essential for financial institutions to take note of that.
“This means taking out cyber insurance coverage as a separate product rather than banking on it being covered under a financial institution product or even a property product,” she said. “I think that’s something [the industry needs] to look into – to make sure everyone understands the need to cover cyber risk separately.”
Find out about the full range of cover Travelers Europe offers financial institutions here