Why do some customers choose one bank over another? Is it because of quality of service? Wide coverage of ATMs? While most do value both of these, neither one is the leading consideration. Customers rely on banks to deploy first-class security measures to safeguard their most valued possessions and financial assets, making trust the most critical component when deciding on who to bank with. When a financial institution falls victim to a data breach or cyber attack, there may be irreparable damage to the foundational trust that underscores the customer-bank relationship.
In 2019, the major financial corporation Capital One experienced a major data breach that impacted 100 million individuals in the United States. According to Reuters [1], this event resulted in an $80 million penalty and customers leaving their platform. The damage was widespread, affecting the business both financially and reputationally. Capital One had $400 million in cyber insurance [2], so they were able to avoid severe repercussions — but the outcome could have been very different if they had not.
What is Cyber Insurance?
Cyber insurance — or cyber liability insurance — is a form of insurance that reduces the financial repercussions from data breaches and cyber attacks. When an organization experiences a cyber attack, cyber insurance helps cover the costs associated with:
- Notifying your customers about the cyber breach through public relations
- Restoring personal identities of customers
- Recovering compromised data
- Repairing damaged computers and devices
- Retaining legal counsel
As a bank, is cyber insurance worth it? You may be thinking, "What if I never experience a cyber attack? Aren't I wasting money and time to get cyber insurance?" Given that the banking industry experienced a 1318% increase [3] in ransomware attacks throughout the first half of 2021, cyber insurance is becoming less of a cautionary measure and more of a best practice. Having cyber insurance can also reduce cyber risk and, perhaps even more importantly, maintain the trust you have with your customers.
Why Should Banks Invest in Cyber Insurance?
Banks continue to be a major target for cybercrime. They hold crucial personally identifiable information (PII) like Social Security numbers, credit card information, and payment histories. They're responsible for safeguarding these assets, and if they don't, it can lead to loss of trust with customers and astonishing costs. For banks, the total cost from a single data breach averages around $5.72 million per incident [4].
Banks should be worried about the drastic increase because their networks are interconnected — so if a hacker compromises one bank, there's a 38% chance [5] that the cyber attack will affect another nearby. Although not all attacks are successful, the massive rise in attempts means banks must be prepared for a worst-case scenario. This is where cyber insurance comes in, uniquely helping to:
- Identify vulnerabilities and cyber risk based on a bank’s security controls.
- Gauge what level of coverage is available and at what cost.
- Give banks recommendations and advice on implementing solutions to reduce cyber liability and increase coverage approval chances.
How to Get Approved for Cyber Insurance Coverage
As the cybersecurity landscape continues to evolve, cyber insurers will change policies and requirements for customers to receive coverage. As a bank, this means you must adjust and improve your cybersecurity strategy to consistently meet updated standards set by your insurer.
According to Woodruff Sawyer [6], cyber insurers require some key capabilities and practices, which are listed in the table directly below.
Remember, your customers would not and should not trust you to safeguard their assets if your security strategy is weekly patching and a single administrator password. Do more than the bare minimum: protect their valued assets and personal information with the highest level of security to maintain the highest level of trust.
What Else Should I Do to Further Protect against Threats?
While you can follow the specific security controls that your insurer requires, your bank should also have these other crucial measures in place.
Multi-factor authentication (MFA) is an authentication process that enhances login security by requiring users to verify their identity with more than just a username and password. MFA is crucial to strengthen cybersecurity. Having it, along with other security controls, in place can make acquiring cyber insurance much easier.
Adding Identity-Bound Biometrics (IBB) can enhance your MFA solution. IBB is the only way to positively verify that an individual is who they say they are, as other security controls only verify the user's token, device, or phone. Because IBB is connected to a person's digital identity, adding this to your MFA solution can enhance security controls. With IBB and MFA, you will maintain your customers' trust that you can confidently secure their financial assets.
Adopting Adaptive Authentication
Alongside MFA and IBB, banks should be implementing adaptive authentication. Adaptive authentication can bolster security protocols while improving the login experience for your bank staff. By using factors such as location, time, and IP address, adaptive authentication can measure risk around your bank staff's login.
For example, if one of your staff members logs into their account outside work hours or from a location far from their bank, then the login process will be more difficult and may require two or more methods.
Having adaptive authentication simply makes the login process easier to use and harder to hack.
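The risk check described above can be sketched in a few lines. This is an added example, not code from this article or from any vendor product; the branch coordinates, working hours, trusted network range, distance threshold and decision names are all hypothetical policy values.

```python
import ipaddress
import math
from datetime import datetime

# Hypothetical policy values for one branch (assumptions, not from the page).
BRANCH = (40.7128, -74.0060)                        # branch latitude, longitude
WORK_HOURS = range(8, 18)                           # 08:00-17:59, branch local time
TRUSTED_NET = ipaddress.ip_network("10.20.0.0/16")  # branch LAN
MAX_KM = 50                                         # beyond this counts as "far"


def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))


def risk_signals(when, location, ip):
    """List the risk signals raised by one staff login attempt."""
    signals = []
    if when.weekday() >= 5 or when.hour not in WORK_HOURS:
        signals.append("outside_work_hours")
    # Missing location data is treated as risky rather than ignored.
    if location is None or distance_km(location, BRANCH) > MAX_KM:
        signals.append("far_from_branch")
    try:
        trusted = ipaddress.ip_address(ip) in TRUSTED_NET
    except ValueError:
        trusted = False                             # unparsable address fails closed
    if not trusted:
        signals.append("untrusted_ip")
    return signals


def decide(when, location, ip):
    """Return (decision, signals): more signals mean a harder login."""
    signals = risk_signals(when, location, ip)
    if not signals:
        return "baseline_mfa", signals              # the usual two methods
    if len(signals) < 3:
        return "step_up", signals                   # require an additional method
    return "deny_and_review", signals               # every signal fired


# Constructed sample logins (not real data).
print(decide(datetime(2024, 3, 5, 10, 0), BRANCH, "10.20.3.7"))
print(decide(datetime(2024, 3, 9, 2, 0), (51.5074, -0.1278), "203.0.113.9"))
```

Logging the returned signal list with each decision lets the security team see why a login was stepped up and tune the thresholds over time.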
Cybersecurity is only as strong as your weakest link. Unfortunately, bank employees are typically the weakest link, often working around new security protocols instead of adopting them. It is your responsibility to teach your employees about the best practices and educate them about the "why". All it takes is a single successful phishing attempt to breach your bank's data, but if your employees are educated on the risks and well-versed in the proper protocols, the chances of a harmful attack can drastically decrease and you can keep that crucial trust with your customers.
The Path to Cyber Insurance Starts with MFA
No matter if it's Capital One or any other bank, the banking industry has experienced a drastic increase in cyber attacks over recent years. As we're seeing this uptick, customers are valuing trust in their banks more so than ever to safeguard their assets. The first step in maintaining that trust starts with cyber insurance coverage. So, where do you start? There is a lot of information around cyber insurance, what you need to qualify for cyber insurance, and what it can do for your financial institution. Getting cyber insurance starts with implementing a strong security control like multi-factor authentication, and you can start right here.
[1] Capital One to pay $80 million fine after data breach | Reuters
[2] Capital One data breach puts $400m insurance tower on-watch - Reinsurance News
[3] Attacks Surge in 1H 2021 as Trend Micro Blocks 41 Billion Cyber Threats - Sep 14, 2021
[4] The Impact of Cyber Insurance on the Financial Sector - PaymentsJournal
[5] Cyberattacks and the Risk of Bank Failures (investopedia.com)
[6] Critical Cyber Security Controls for Insurance Renewals | Woodruff Sawyer