Innovation of data-driven frameworks has given rise to automation. Manual and repetitive tasks are completed by technology, meaning employees must be reskilled to focus on analytical, creative, and strategic activities.
Meanwhile, a rapid shift to remote working has increased insider risk alongside adverse events caused by malware, ransomware, and other pernicious attacks. In particular, ransomware activity has been elevated from a frequency and severity basis as malicious actors have realized that this attack vector allows for an expedited path to profit when compared to legacy data breach trends. Technological and cyber risks can manifest in many ways:
- Business disruption - trading, brokerage and asset management operations, all underpinned by technology and connectivity to third-party networks, can present significant business continuity and profit and loss exposure to banks.
- Evolving privacy regulatory environment - banks are still adapting to new regulations – such as GDPR – and secular changes to trading and capital markets businesses. The penalties and ongoing damage sustained by data loss and information exposure are increasingly severe.
- Third-party risk – malicious actors are targeting key vendors of financial institutions as a means of a point of entry into a firm’s network or classified data.
- Elevated target profile - regulatory and monetary loss exposure continues to increase as bad actors, criminals or nation-states initiate misappropriation of firm financial assets (e.g. money and securities) or a client's financial assets in the firm’s care custody and control through phishing, malware, email hijacking and other tactics.
- Internal system failures - although recent incidents have proved that outside actors remain a major threat, some of the largest losses suffered by financial institutions originate from within, rather than outside the firm. Cyber and technology resiliency is as critical as data security.
A key consideration in any cyber risk discussion is thoughtfully evaluating how much risk to retain and how much to transfer. In addition to traditional benchmarking to support the above risk transfer solutions, Aon has robust quantification and assessment tools that work with firms’ operational and technology risk teams to helps craft, map and stress-test insurance solutions against internal scenario analysis. With these data-driven insights, financial institutions are able to make informed decisions about capital modelling, mitigation and risk transfer.
With access to tailored solutions and industry expertise, financial institutions are well-positioned to navigate the rapidly changing technology and cyber landscape, with confidence.