Connect with us





By Piers Wilson, Head of product management, Huntsman Security


In recent years we’ve seen a huge financial fallout for organisations that have suffered large-scale cyber attacks; from the £500,000 slapped on British Airways for the 380,000 compromised card payments of customers, to the possible $915m fine that Marriott may face following the enormous data breach last year. These repercussions are only likely to worsen as the volume and severity of attacks increases. For instance, the General Data Protection Regulation (GDPR)’s arrival last year means that companies now face fines of up to 4 percent of global revenues or €20 million, whichever is greater.


In light of these risks, cyber-insurance is emerging as a safety net offering businesses protection if the worst happens. Far from being a luxury, there is every possibility that cyber-insurance will soon become a necessity for any organisation storing personal data. In the same way that drivers are required by law to have motor insurance, businesses may be obliged to have measures in place to guarantee compensation for customers left at risk by any data breach.


Eligibility: Proof is Paramount

Unfortunately, as with motor insurance, even if cyber insurance becomes an obligation, getting insured may be difficult or expensive. Insurance companies will only provide policies to organisations that are insurable; either through low risk, or because they are prepared to pay significant premiums. To lower their premiums, organisations will have to prove they are a low risk by taking sufficient steps to protect their sensitive data. Just as home and contents insurers require policy holders to have locks on all the doors and windows, businesses must be able to demonstrate that they have the appropriate systems and processes in place to protect their data.


However, anyone who has taken out home insurance will testify that there’s a big difference in premium between having a simple lock on a door, and having multi-point locks and a burglar alarm. In an age of organised cybercrime, state-sponsored cyber-attacks and advanced cyber-threats, merely having anti-virus software and firewalls is unlikely to be enough. Organisations should therefore consider reinforcing their current defences and adopting a more progressive approach to cybersecurity; in turn encouraging insurers to offer more affordable policies.


Shaping your premium

As when taking out any insurance policy, the first thing organisations will need to do is establish the exact risk they face in order to determine their premium. This is critical for two reasons. First, a more accurate assessment will allow a more accurate, and ideally better-priced, premium. Second, by auditing their defences in this way, organisations will face less risk that their claims will be refused if the worst eventually happens. Much like a driver who states their car is always parked in a locked garage will have a hard time claiming if it’s stolen from the street outside their house, organisations that are found to have over-stated their security capabilities could be in for a nasty shock.


At its most basic, any risk assessment needs to consider the kind of data that is being stored, and what level of security it is defended by. Identifying where the most valuable data resides will help predict where attackers are most likely to strike, and to thereby assess whether current security measures are strong enough. As part of this, organisations should also consider whether appropriate access controls are in place. For example, there’s no need for a receptionist to have access to sensitive financial data, so their privileges should not extend to that information.


Organisations will also need to demonstrate their preparedness in the event of an attack. The faster an organisation can react, and the more it can minimise any potential damage, the lower its premiums will be. For instance, businesses must have the ability to monitor their systems for any suspicious behaviour that indicates data is being accessed or used in ways that it shouldn’t; whether that is by an employee or by an unknown party. This capability can prove particularly useful in identifying potential threats before real damage has been done, safeguarding company data and helping to bring down cyber-insurance premiums by reducing impacts. With attacks showing no signs of slowing down, these processes should be automated as much as possible, otherwise the potential savings will be offset by the fact that security teams are dealing with a blizzard of alarms, both false and all too real.


Given that cyber-risk is increasing continually, those that choose not to insure against it risk leaving themselves, and thereby their customers, vulnerable to potentially catastrophic consequences. Organisations must recognise that an ounce of prevention is always better than a pound of cure, and while an insurance policy provides an indispensable safety net, they must focus on doing all they can to avoid becoming a casualty in the first place.


Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Augmented automated underwriting and the evolution of the life insurance market



By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions


It’s almost inevitable. Spend your working life identifying, analysing, quantifying and ascribing monetary value to risk, and you’re likely to have a fairly strong aversion to it. Or more accurately, an aversion to undertaking new endeavours with inadequately understood consequences. The insurance industry is, on any number of levels, the very definition of risk-averse.

And yet, for all the commentary suggesting otherwise, insurance still has an appetite for innovation. If the insurtech sector is any indication, then an interest in and requirement for new solutions is being recognised and slowly addressed.

Declan O’Neill

It may not employ the language of disruption that runs through the wider fintech market, it may be short a few unicorns and unable to boast some of the record-breaking funding rounds, but a quiet tech evolution has been building in insurance nonetheless. Hence the advent of automated underwriting facilitated by more advanced algorithms and data analysis.

Where insurtech does overlap with its more vocal fintech counterparts is in the greater use of artificial intelligence (AI) and machine learning to solve age-old problems around data analysis and interpretation.

It’s about five years or so since AI first became a topic of conversation in insurance. Since then, despite the intensity of the debate, it has often felt like a reality that is always just over the horizon – a destination that kept moving even as more and more efforts were directed towards it.

But recent research suggests that the journeys made so far have not been in vain. We are at a point where embracement of AI is about to step up a gear. The global value of insurance premiums underwritten by AI have reached an estimated $1.3 billion this year, as stated by Juniper Research; but they are expected to top $20 billion in the next five years. As a destination, it is closer and more attainable than ever before.

However, AI is not an island. Its promise of $2.3 billion in global cost savings to be achieved through greater efficiencies and automation of resource-intensive tasks will not be achieved in isolation.

AI remains part of a more complex ecosystem of data gathering and analysis. It can apply new technologies to get the best out of the already established and still-emerging data sources that feature in underwriting offices around the world. It emphatically does not require these existing investments to be ripped out, replaced or downgraded.

It is more helpful therefore to see AI as the differentiating factor in the latest generation of insurance IT: augmented automated underwriting, or AAU for short.

AAU gives underwriters the ability to spot patterns and connections that are, frankly, either invisible to the human eye or which take normal, human-assisted processes unfeasible amounts of time and resource to identify.

Whereas earlier generations of automation were able to pick up the low-hanging fruit of insurance markets – the individuals whose driving history fit into clearly delineated boxes, for example – AAU can take into account all of the rich complexity of the human experience. It can spot the nuances and individualities that populate the life market, for example, and translate those into accurate policies.

That’s good news for both underwriters and their customers. AAU can significantly reduce the need for separate medicals, repeated questions, lengthy decision-making processes, and drastically increase the speed at which a potential insurer can get a quote and cover – while continually improving the way risk is calculated and managed.

It can make sure the decision-making process remains in the hands of underwriters rather than IT departments, enabling them to set and update the rules and parameters as befits their preferred business model. It consequently makes advanced, complex and precise decision-making available to a broader range of underwriting businesses – which is good for those businesses, good for customers and ultimately good for the entire industry.

AAU – augmented automated underwriting – is an example of the realisation of AI’s promise. As such, it’s set to become one of the key talking points and disruptive technologies of the insurance industry. And this time, AAU is both a journey and destination that all progressive insurance organisations need to be considering for their future operations.



Continue Reading


Scaling securely in the automation-first era




By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk


Robotic process automation (RPA) has been one of the key technologies underpinning digital transformation and, since it first appeared on the market a few years ago, the market has grown substantially. Now expected to reach $11 billion by 2027, RPA helps organisations achieve the efficiency, accuracy and speed necessary to thrive.

By successfully supplementing rather than replacing human resources, RPA is empowering workers to use their experience and capabilities in a more engaging and beneficial way, rather than focusing on manual and time-consuming processes. For example, in the financial services industry, RPA bots are helping to do everything from streamlining manual underwriting processes and reducing fraudulent activity through to account monitoring and assisting with new customer onboarding. While this leads to numerous benefits for workers and employers, organisations need to be aware that RPA comes hand-in-hand with specific security considerations.

As with other new and powerful technological initiatives, RPA projects need to be approached with cyber security as necessary component. Doing so will allow organisations to deliver enhanced digital experiences both quickly and safely.


Brandon Traffanstedt

RPA advancement

Multiple industries have embraced RPA as a means of solving business problems. Yet, early implementations of RPA, namely semi-attended bots, necessitated human supervision, requiring a person to hit the ‘go’ button in order to accomplish a task and requiring the user’s digital identity to do so.

As organisations look to digitally advance however, ‘citizen developers’ or those who use low-code or no-code platforms to design their own automated processes have taken it upon themselves to push automation to the next level – entirely unattended robots.hese unattended robots though, require access to the same networks, systems, and applications as their human counterparts, including access to systems which require the highest level of privileged access. This access makes robot credentials and identities just as vulnerable to threat actors as those of human workers, and not effectively securing them provides opportunity for havoc.

The future of RPA then, has created a rift between security and automation teams. With security professionals demanding stricter measures and the latter struggling to implement them, many developers have been discouraged and ceased their creativity and innovation whichc is necessary to advanceing RPA technology. Those developers who have decided to continue in their pursuits and adopt non-approved RPA programmes however, have created gaps in their company’s cybersecurity.


Putting security first

Fortunately, there is a way to address security problems while still using secure unattended robots, allowing citizen developer innovation and without demanding additional work from the teams which organisations are wanting to free up. The solution is the automated and centralised management of RPA credentials.

All hard-coded privileged credentials are removed from robot scripts and replaced with an API call pointing to automatically rotated credentials maintained in a secure, centralised repository – rather than manually assigning, managing, and upgrading the credentials a bot needs to do its work. This ensures security mechanisms, such as multifactor authentication, password uniqueness and complexity requirements, and the suspension of privileged credentials are all consistently implemented.

It’s also good practice for security teams to ensure bots have their own unique identity credentials – similar to to limiting a human user’s access or rights to the bare minimum necessary for their work. This ensures non-repudiation and separation/segregation of duties, as well as limits access to the applications and databases bots need.


Liberating works and innovation

To truly unlock the citizen developer’s innovation and liberate workforces through RPA, organisations must adopt DevSecOps and bring automation and security together from the start. By engaging with security teams and professionals at an early stage, organisations will be able to effectively – and safely – scale the number of RPA bots in their organisation.


Continue Reading



Business2 days ago

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation The strongest recommendation yet by the Financial...

Business2 days ago

On-demand pay: why payroll needs a modern approach

Byline:  Paul Bartlett, CEO, CloudPay   While the world of work has evolved drastically over the last decade, payroll has...

Business2 days ago

 ‘What should real estate investors be doing now – has the market hit rock bottom or is now the time to buy?’

Following many years of housing prices soaring and competition steadily increasing, real estate growth has finally started to slow, likely...

Business3 days ago

Expert Guide for Email Marketing to Improving Your Conversion Rates

If you talk about email marketing campaigns, it would seem like an old-fashioned advertising style. But it is still an...

Banking5 days ago

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions   It’s almost inevitable. Spend your working life...

Banking6 days ago

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB   Environmental, Social and Governance (ESG) has soared towards the top of banking, financial...

Top 107 days ago

An Entrepreneur’s Guide to Investing in Bitcoin

Marcus de Maria, Founder and Chairman of Investment Mastery.   Over recent years, Bitcoin has been steadily growing in popularity...

Business7 days ago

Overcoming macroeconomic challenges

By Mike Chambers, formerly CEO of Bacs and a consultant at Access PaySuite.   For businesses offering a subscription-based service, the...

Banking1 week ago

How unlocking the potential of tokenised markets can help banks keep pace with the digital economy

Giulia Secco is the Strategic Partnership & Ecosystem Manager at Fnality International.   In the aftermath of the 2008 financial...

Banking1 week ago

The role of Artificial intelligence in compliance at banks

Sujata Dasgupta, Global Head – Financial Crime Compliance Advisory, Tata Consultancy Services   There’s not a financial institution across the...

Technology1 week ago

Scaling securely in the automation-first era

By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk   Robotic process automation (RPA) has been one of the...

Business2 weeks ago

Putting technology to work on entrepreneur fund-raising

By Simon Glass, CEO, Qodeo   Human relationships are behind the most successful venture capital deals. The chemistry between an...

Finance2 weeks ago

Why leveraging strong identity verification is the key to remaining competitive for financial services

By Philipp Pointner, Chief of Digital Identity at Jumio   With the recent revelation that Facebook is allowing sales of...

Business2 weeks ago

AI and Super Apps to BNPL : How fintech can help the cost-of-living crisis

By Anna Porra, European Strategy Director at Marqeta   As the cost-of-living continues to increase, financial wellbeing is becoming a...

Interviews2 weeks ago

Interview with Devin de Vries, founder and CEO at WhereIsMyTransport

Where did the idea for WhereIsMyTransport come from? At WhereIsMyTransport, we are working to ensure that better data and technology...

Business2 weeks ago

Tips to Overcome ESG Data Selection Challenges

Gediminas Rickevičius, VP of Global Partnerships at Oxylabs   Environmental, Social, and Governance (ESG) guidelines promise better investment outcomes with...

Business2 weeks ago

The payments boom explained…  

Kosta Du   It has been clear for a while that we are quickly moving into a cashless society –...

Business2 weeks ago

Automation – the key to ensuring your organisation survives tough times and thrives

By Paul Sparkes, Commercial Director   Business is going to get tougher Your cashflow is under increasing pressure. The very...

Business2 weeks ago

How automated Digital Adoption Platforms (DAPs) improve customer engagement within financial services

By Khadim Batti, Co-founder and CEO of Whatfix   Automation is everywhere across financial services;. McKinsey notes that up to...

News2 weeks ago

Why Anti-Money Laundering is no longer just a tick box exercise

Tremors following Russia’s invasion of Ukraine have been felt around the world. At a time when customers are already demanding...