By Niall McConachie, regional director UK & Ireland at Yubico
To mitigate the potential reputational and financial implications of a cyberattack, CISOs should always be aware of emerging trends across the cyber threat landscape. With cyberattacks becoming increasingly powerful and complex, more and more organisations are considering cyber insurance – either for the very first time or for expanded coverage.
However, cyber insurance premiums are also becoming more costly, rising by 150-300 per cent in some instances. When approaching an insurer, applicants must do their due diligence before entering negotiations for better premiums on policies that will pay out in dire circumstances.
Considerations before opting for cyber insurance
Most cyber insurers operate by assuming that data breaches are rare events, and only pay out in the most critical cases. However, reports reveal that over 81 per cent of UK businesses were targeted by at least one cyberattack within the last year. With the increased volatility and frequency demonstrated by today’s cyberattacks, insurance providers have also increased the costs of their premiums, needing to offset surges in customer policy pay-outs. Cyber insurance pricing in the UK has consequently increased by 20 per cent thus far, and is only expected to rise.
The value of cyber insurance should not be underestimated, as policies can be a determining factor in ensuring the continuity of a business. However, insurance policies only help to recuperate financial losses following a cyberattack and do not offer cybersecurity preventative measures. Therefore, it’s the customer’s responsibility to implement the measures needed to thwart an emerging attack from the start.
Insurance applicants with proof of robust protections already in place will be offered a lower premium than other applicants, as they are less likely to make a claim soon after. Therefore, organisations looking to take out cyber insurance coverage should first consider these six factors to successfully prevent a cyberattack from occurring.
- Protect the remote workforce
There are more employees working from home than ever before, on either a hybrid or fully remote basis. The decentralised security that resulted from these work models has caused the number of emerging attack vectors to soar. This has not been ignored by cyber insurers. Cybercriminals are not shy about proving just how advanced their attack capabilities truly are, with hackers no longer breaking in, but simply logging on via stolen login credentials. In fact, weak and stolen login details contribute to over 80 per cent of successful cyberattacks. Thus, CISOs must think beyond firewalls, web proxies, and data protection. Instead, robust multi-factor authentication (MFA) should be the way forward to ensure the protection of remote workers.
- Be aware of policy changes
With customer policies, cyber insurers will avoid paying out large sums – or at all, if possible. To prevent this, it’s important to document the downtime and all losses from the first instance of a cyberattack or security-related event. Insurance providers will also want to reduce losses of their own. In doing so, insurers may allocate items of a protection policy into specific categories such as identity protection, hardware and system replacements, ransomware pay-outs, and losses due to downtime. Before, these categories would have been offered as one customer package. However, nowadays, it is customary for these items to be separated. This prompts insurance agencies to spread the risk through reinsurers, making cyber insurance policies even more difficult to navigate as a result.
- Last-minute security initiatives
If an organisation needs cyber insurance quickly, there may not be enough time to go through a full round of security updates. Alternatively, organisations in these circumstances can implement quick cybersecurity initiatives to include in their applicant profiles. These last-minute initiatives can include improved cybersecurity measures, implementing MFA solutions, or enforcing business-wide cyber training.
- Execute a business-wide review
According to the US’s National Institute of Standards and Technology (NIST) Risk Management Framework, cyber risk evaluations must be scheduled regularly to review any internal and external threats. This process should incorporate a thorough assessment of all user permissions, including IT administrators and critical staff. It’s also important to decide what the most valuable data is and focus cybersecurity efforts on security breach cases that are most likely to occur.
Implementing business-wide MFA should be the minimum objective when performing a cybersecurity review. Following a thorough review, applicant organisations should share the detailed results with the insurer, as this will position the organisation more favourably to negotiate their coverage premiums.
- Passing the insurer’s requirements
Most often, cyber insurers will require a cyber vulnerability evaluation by applicants to assess any existing security gaps and other possible concerns. As global governments continue to implement additional cybersecurity regulations, the use of usernames and passwords will no longer be enough to pass minimum cyber insurer requirements or new de facto industry standards. Previously, the minimum applicant requirement was met with just a CISO’s signature to verify that standards were being followed. This is no longer the case as insurance companies now require more exhaustive processes – especially when it comes to higher-risk or higher-liability policies.
- Ensuring a policy pay-out
It is important for applicants to follow best practices to ensure they have a complete understanding of what the insurance policy will involve and that their most critical assets are insured appropriately. Therefore, organisations should review all proposed insurance policies with the same amount of scrutiny as the insurer may have when assessing new customers.
Additionally, applicants should be wary of generic cyber insurance policies, as the insurer may have its own view of specific cyberattack scenarios, how they may occur, and which attack vectors to be aware of. Here, enlisting the help of a qualified legal consultant familiar with cyber insurance policies can greatly benefit applicant organisations. With a consultant’s help, stakeholders can set their own specific cybersecurity vulnerabilities to be covered by insurance.
Organisations should only sign an insurance agreement with full confidence in their decision. Only once the specifics of the policy are understood and accounted for can the applicant organisation make an informed decision about which cyber insurance policy is truly right for them.
The Importance of Digital Trust in Banking and Finance
By Maeson Maherry, COO at Ascertia
With the rising adoption of eSignatures and the acceleration of digital transformation, trust in digital systems is more important than ever before. As a recession looms, the ability to trust digital systems is critical to the stability and security of the banking and finance industry.
So, what should businesses prioritise in an increasingly online world? Information security, data integrity, and digital trust are crucial for ensuring regulatory compliance and customer satisfaction.
Digital trust is empowering banking and finance institutions to effectively tackle issues of identity theft and fraud.
What is digital trust?
On the surface, digital trust refers to a digital system or platform that is secure and can be relied upon to protect and properly handle sensitive information.
Building the confidence that people have in digital systems, platforms, and technologies to handle their sensitive information, protect them from fraud, and function as intended is paramount for decision-makers going forward.
Trust online encompasses various aspects, such as data security, privacy, authenticity and reliability. Digital trust also involves assessing the trustworthiness of digital entities such as websites, apps, and online services, as well as the trust in the integrity and reliability of digital communications and transactions.
Digital trust is a key element of digital transformation: the additional step of ensuring that the digital systems in place are secure. This can include the following:
- Online banking platform for customers
- Digital document approvals and workflows
- Secure digital signature solutions
- Know your customer (KYC) checks
- Electronic anti-money laundering procedures
Why is digital trust important for banks?
One of the main reasons why digital trust is so important in banking and finance is that it helps to tackle issues of identity theft and fraud. Customers and regulators require reassurance that personal and financial data won’t fall into the wrong hands. This includes customer statements, investment authorisations, legal records and customer personal data.
Online banking is now well established but the technology continues to evolve and so do the potential threats to data security. With phishing and other identity theft a daily concern, establishing digital trust in the industry is key.
Digital trust provides a means to trust in the identity of a person or document online, to the same degree as meeting or signing in person. This requires additional checks and layers of security to verify identities and the security of documents.
The role of eSignatures in banking
Digital trust is vital in the secure implementation of eSignatures.
In the banking and finance industry, eSignatures are becoming increasingly popular as they allow for transactions to be conducted quickly and securely. However, for eSignatures to be effective and to provide digital trust, all parties involved must trust in the transaction. This is done by ensuring eSignatures are valid and that the person signing the document is who they claim to be.
There are global standards to ensure the authenticity of eSignatures for digital signing. This means there is a way to validate the digital trustworthiness of eSignatures if implemented and used in a manner that meets certain criteria for security and authenticity.
For instance, digital signatures that are compliant with internationally recognised standards, such as eIDAS (Electronic Identification and Trust Services) in Europe, can be considered digitally trustworthy. It’s important to understand not all eSignatures provide the same level of security and to ensure the correct eSignature is used for the purpose and security required.
eSignatures that use advanced digital signature technologies such as Public Key Infrastructure (PKI) or biometrics, can be considered more digitally trustworthy as they provide a higher level of security and authentication.
These technologies use cryptographic methods to ensure that the signature is unique to the signer and cannot be replicated or forged. These standards establish a legal framework for the use of electronic signatures and ensure that they are legally binding, enforceable and offer the same level of trust as traditional signatures.
How does digital trust prevent fraud?
If the public loses trust in digital systems, it could lead to a loss of confidence in the financial system. Fraud, in particular, is at the forefront of public concerns.
Digital signatures are well positioned to offset the risk of financial fraud, largely due to three critical factors when assessing the digital trust of an eSignature:
- Authentication: To verify the identity of the signer, eSignatures employ sophisticated technologies such as PKI. This confirms that the person signing the document is who they say they are and aids in preventing fraud through impersonation.
- Tamper-evident: Tamper-evident features are often included in high-trust eSignatures, which identify if a document has been changed after it has been signed. This helps to prevent fraud by identifying manipulated documents and providing an audit trail of the signature.
- Compliance: International standards such as eIDAS ensure that eSignatures are legally binding, enforceable, and provide the same level of trust as traditional signatures.
The banking industry specifically will benefit greatly from investing in digital trust ecosystems that include eSignatures, biometrics and encryption software to provide verification and assurance for customers.
In the future, financial institutions will adopt Know Your Transaction (KYT) as a means of implementing cybersecurity measures at the transaction level in their banking protocols.
By utilizing digital signatures at the transaction level and verifying them upon receipt, the financial industry can achieve KYT, ensuring that the source of information is under the control of the endpoint and that transaction information has not been tampered with.
This level of security will be a crucial aspect of achieving digital trust in the financial industry moving forward.
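The transaction-level check described above (sign at the endpoint, verify on receipt), as an added example that is not part of the original article or of any vendor's product. It assumes Ed25519 keys from Node.js's built-in `crypto` module and a flat transaction object; the function names, the `endpoint-001` key ID and the account identifiers are hypothetical and constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Canonical bytes: keys sorted, no whitespace, so sender and receiver sign and
// verify identical bytes whatever order the fields arrive in. Flat objects only.
function canonicalize(tx) {
  const pairs = Object.keys(tx).sort().map((k) => [k, tx[k]]);
  return Buffer.from(JSON.stringify(pairs), 'utf8');
}

// Sender: sign with the private key held by the originating endpoint.
function signTransaction(tx, keyId, privateKey) {
  // Algorithm is null because Ed25519 does not take a separate digest name.
  const signature = crypto.sign(null, canonicalize(tx), privateKey);
  return { tx, keyId, signature: signature.toString('base64') };
}

// Receiver: accept only signatures made by a key already enrolled for that endpoint.
function verifyTransaction(envelope, trustedKeys) {
  const publicKey = trustedKeys.get(envelope.keyId);
  if (!publicKey) return { ok: false, reason: 'unknown-signer' };
  if (!envelope.tx || typeof envelope.signature !== 'string') {
    return { ok: false, reason: 'bad-signature' };
  }
  const sig = Buffer.from(envelope.signature, 'base64');
  const ok = crypto.verify(null, canonicalize(envelope.tx), publicKey, sig);
  return { ok, reason: ok ? 'verified' : 'bad-signature' };
}

function demo() {
  const endpoint = crypto.generateKeyPairSync('ed25519');   // enrolled endpoint
  const unenrolled = crypto.generateKeyPairSync('ed25519'); // key the receiver never enrolled
  const trustedKeys = new Map([['endpoint-001', endpoint.publicKey]]);

  // Constructed sample payment; amount is a string to avoid float formatting drift.
  const tx = {
    amount: '250.00',
    currency: 'GBP',
    from: 'ACCT-CONSTRUCTED-01',
    to: 'ACCT-CONSTRUCTED-02',
    reference: 'invoice 1042',
  };
  const envelope = signTransaction(tx, 'endpoint-001', endpoint.privateKey);

  // Same fields in a different order: must still verify.
  const reordered = { ...envelope, tx: Object.fromEntries(Object.entries(tx).reverse()) };
  // Amount changed after signing: must fail.
  const tampered = { ...envelope, tx: { ...tx, amount: '9250.00' } };
  // Claims the enrolled key ID but was signed with another key: must fail.
  const wrongKey = signTransaction(tx, 'endpoint-001', unenrolled.privateKey);
  // Key ID the receiver has never enrolled: rejected before any crypto runs.
  const unknownSigner = signTransaction(tx, 'endpoint-999', unenrolled.privateKey);

  return {
    genuine: verifyTransaction(envelope, trustedKeys).reason,
    reordered: verifyTransaction(reordered, trustedKeys).reason,
    tampered: verifyTransaction(tampered, trustedKeys).reason,
    wrongKey: verifyTransaction(wrongKey, trustedKeys).reason,
    unknownSigner: verifyTransaction(unknownSigner, trustedKeys).reason,
  };
}

console.log(demo());
```

A valid signature here shows origin and integrity only; rejecting a replayed copy of a genuine transaction would additionally need a nonce or timestamp inside the signed fields.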
How banks can help customers during the cost of living crisis
By Lavanya Kaul, Head of BFSI, UK & Ireland, LTI Mindtree
Surging energy and food prices are significantly driving up household expenditure, which means living standards in the UK will fall to 2.2% this year, according to the Office for Budget Responsibility. This is the biggest drop in any single financial year since the records began in 1956-57.
It’s a tough situation for many consumers who are still struggling with financial hardship following redundancies and pay freezes from the pandemic. According to TSB’s Money Confidence Barometer, 82% of people have experienced an increase in the day-to-day cost of living. This resulted in almost a quarter of them using their savings, while one in five changed their usual spending habits and behaviours.
As the financial situation worsens, consumers are increasingly relying on their banks for help and support. But, while banks can’t control inflation, energy or food prices, they can play a more supportive role by adapting their services to offer stronger customer service, better tools for financial management and be more flexible with loan repayments.
Strengthen customer service with intuitive AI solutions
Since the pandemic, consumers have changed the way they bank, using more mobile apps for primary banking rather than going into physical branches. This provided an opportunity for banks to accelerate their investment in digital services including automation and offer customers more support during the cost of living crisis.
Effective tools include AI-powered chatbots which respond intelligently to customer enquiries to quickly help troubleshoot problems and provide useful advice. But to be successful, you need to ensure you strike the right balance between an efficient and convenient process and creating a personalised experience. Customers need to feel like you understand and care about their problems and are here to help, rather than just fobbing them off with a monosyllabic bot. To avoid this, banks need to embrace intuitive AI solutions to ensure that empathy comes across in all automated interactions with customers. While doing that, messaging is key. In times of stress, we don’t function as well and financial struggles are a huge stressor. The clearer the message and the simpler the instructions, the better.
Financial education, when combined with technology solutions such as open banking, can offer more long-term solutions for people to navigate their finances. This can help put more information into the hands of the consumer to help them grasp their financial situation better. Some banks have cracked this with innovative solutions like HSBC’s Financial fitness score tool that can analyse your money habits and signpost you towards ways to improve your financial health. This may include joining one of the financial education webinars run by the bank or having a ‘financial health check’ with a member of staff.
Launch money management features & apps
Introducing money management features and apps to increase the visibility of a customer’s financial situation, empowers them with the information they need to make smarter choices.
TSB offers Spend & Save and Spend & Save Plus current accounts which include a savings pot that enables customers to put extra money aside when they can and an auto-balancer feature that automatically transfers money from the savings pot into their current account if their balance falls below a certain level. This allows them to start building up savings and protects them from unnecessary overdraft charges.
Personal financial management (PFM) apps also help customers get a better understanding of their finances. These connect with a customer’s bank account and enable them to keep a close eye on their spending habits and track upcoming bill payments. An example is Prism, a PFM app which allows customers to manage bill payments by sending them reminders about due dates. It also provides a summary of their income, account balance and monthly expenses at a glance, therefore consolidating all their financial information in one place and saving time on bill payments.
Lloyds Banking Group and HSBC launched a subscription management tool for all customers on mobile, allowing them to see and cancel recurring card payments for things like TV subscription services. HSBC says that during the first quarter of the year, it led to customers dumping around 200,000 subscriptions.
Introduce payment holidays
While improved customer service and financial management tools are important support tactics, they might not be enough for more vulnerable customers. For example, those who are about to default on mortgage payments or loans due to redundancy or periods of ill health need banks to do more, like offering payment holidays. Banks relaxed the rules for payment holidays during the pandemic, so they should consider doing it again to help more vulnerable customers through the crisis. Customers need to understand that they are not alone when experiencing financial difficulties and that help is available.
Ride out the crisis together
As inflation reaches a 30-year high, customers are now more reliant than ever on banks for guidance and support. But to provide the right level of service, they need to move away from their traditional ways and behave more like technology companies by embracing automated solutions to create the right products and services for customers. Then layer on top of that the need for more personalised and empathetic customer interactions, as well as consider additional support for more vulnerable customers.
While we don’t know how long the cost of living crisis will last, what we do know is that the pressure on household finances is likely to get worse before it gets better. Therefore, banks need to step up, be the supportive partner and do whatever they can to help customers. After all, the only way we can ride out the crisis is by supporting each other and working together.