Connect with us

Business

Will cyberattacks be uninsurable in 2023? Three steps that financial organisations can follow now

Source: Finance Derivative

By James Blake, Field CISO of EMEA, Cohesity

The growing number of cyber attacks and subsequent damage has led to an increasing demand for cyber insurance. Swiss Re Insurance expects total premiums paid to more than double from $10 billion from 2020 to $23 billion by 2025. But this is being questioned by both insurance companies and by customers: is insurance effective, is it feasible, what does it cover and what does it enable?  The CEO of Zurich Insurance, Mario Greco,  said in an interview with the Financial Times recently that cyberattacks will soon become “uninsurable”. Indeed, insurance and prevention have both proved ineffective in stopping cyberattacks like ransomware or in enabling organisations to recover afterwards. Instead organisations must shift their focus onto recovery, What can companies do to meet this challenge? James Blake, Field CISO of EMEA at data management and security provider Cohesity, has three recommendations.

More than 400 million US dollars – that’s how much damage the data leak at Capital One caused in 2019. And the number of such attacks, which have catastrophic consequences for the companies affected, has continued to increase since then. According to Check Point, in the third quarter of 2022 alone, global attacks increased significantly by 28% compared to the same quarter of the previous year.

Where cyber risk used to be limited to areas such as data breaches and third-party liability, ransomware attacks have shifted the damage to core business and accountability. Cyber insurers had to react to the increased risk and have adjusted their offers, as an analysis by Swiss Re Insurance shows. According to PWC, from the insurer perspective, the fast-increasing frequency of ransomware attacks (and the growing associated impacts and ransom demands) and business interruption claims has resulted in cyber becoming a less profitable area of insurance in recent times. The situation has stabilised over the past year as customers have had to pay higher premiums and meet stricter terms and conditions. Swiss Re Insurance expects total premiums paid to more than double from $10 billion to $23 billion by 2025.

More expensive and more difficult to qualify

This is bad news for the financial industry, as insurers are becoming stricter and asking for higher premiums. Cohesity’s legal experts looked at the leading ransomware insurance policies on the market at the end of 2022 and found that ultimately, such guarantees are little more than thinly veiled limitations of liability that benefit the providers – not the customers.

However, there are some measures that companies can use to protect themselves effectively in this new market situation:

  1. The 3-2-1 strategy remains current: keep an isolated copy of the data

In some cases, organisations are required to quarantine an offsite copy of their production records as part of a 3-2-1 strategy to qualify for cyber insurance.

To do this, they can use a SaaS service which keeps an encrypted copy of the production data in the cloud, isolated by a virtual air gap. The data stored there is monitored with multi-layered security functions and machine learning, and anomalies are reported immediately.

  1. Tear down silos and merge data with zero-trust in mind

In general, financial organisations should consolidate all their distributed data on a scalable data management platform and ensure they can backup their data across all their infrastructure and assets. Furthermore, the data must be protected in a zero trust model, where the data is encrypted during transfer and on this storage, access is strictly regulated with rules and multi-factor authentication. In addition, all data stored in it can be managed according to compliance requirements and, thanks to immutable storage, is better protected against ransomware.

  1. Improve collaboration between IT and SecOps teams for cyber resiliency

In addition to these technical measures, financial organisations should optimise the collaboration between their IT and security teams and adopt a data-centric focus on cyber resilience. For too long, many security teams have focused primarily on preventing cyberattacks while IT teams have focused on protecting data including backup and recovery.

A comprehensive data security strategy must unite these two worlds and IT and SecOps teams must work together before the attack takes place. Both teams should be guided by the NIST framework. This holistic approach defines five core disciplines: Identify, Protect, Detect, Respond and Recover.

If a financial company can demonstrate such a mature data security strategy, this will not only have a positive effect on insurance cover, but will generally reduce the risk of incidents and possible consequential damage through failure or data loss.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Enhancing sustainable commitments in retail banking

Source: Finance Derivative

Mikko Kähkönen, Head of Payment Cards Portfolio at Giesecke+Devrient

Today, more consumers are keeping environmental pledges from banks at the forefront of their financial decisions, and those banks that fall behind their competitors on sustainable action are risking the loss of customers, particularly among the younger generation. This shift highlights a growing expectation from consumers for their banks to make and uphold sustainable commitments, signalling a change in consumer priorities where environmental responsibility is increasingly seen as essential, not just an optional extra. Giesecke+Devrient research shows that as many as 64% of Gen Z consumers would be happy to switch banks if their current provider didn’t meet their expectations.

However, sustainable commitments must be authentic to avoid any accusations of greenwashing. Unfortunately for the banking sector, consumer trust is being strained as greenwashing incidents have risen by 70% around the world. Banks can’t simply make claims that can’t be backed up; pledges must be supported by evidence. There’s a number of practical steps they can take to prove their credentials.

Banking on the evolution of cards

The bank card has increasingly become a physical symbol of the relationship between consumer and bank. As such, banks have taken steps to ensure that it is designed with sustainability in mind. Many are now created with recycled PVC material, commonly up to 100%, with a lower carbon footprint.

Some banks are elevating their sustainable credentials by utilising cards that are made from plastic collected in oceans and coastal regions, helping to clear up the world’s beaches. Alongside this, others are issuing cards made of polylactic acid sourced from (inedible) corn starch. This is a fully renewable biomass that could be industrially composted.

Sustainable cards can then encourage further sustainable initiatives. We’re more often seeing issuers now actively taking part in local conservation, community development and educational projects around the world to help benefit the planet. Communicating these efforts to customers can help reinforce sustainable credentials and leave tangible evidence that proactive action is taking place.

Contributing to the circular economy

Powering the sustainable credentials of issued cards is one aspect, but it’s also vital that banks encourage their customers to do the right thing with them once they expire and they need to be discarded of. We’re already seeing prominent banks making progress in this area. UK retail bank, Santander, has launched a pilot scheme in branches and ATMs that encourages customers to return their outdated credit and debit cards for recycling, for example.

The collected cards are then turned into plastic pellets to be used elsewhere, for instance to make outdoor furniture, sponsored by Santander, for local communities. As more banks opt for card recycling, consumers will be empowered to dispose of their old or expired cards in a green way and help to reduce ecological footprint.

Into the digital world

Outside of card innovations, retail banks can add to their credible green claims with digital solutions. As an example, the card issuance process has typically involved paper letters, with additional PIN letter, that are posted out to customers to activate their payment cards. Instead, an ePIN service can enable customers to instantly access their PIN via their choice of a mobile app or SMS message, reducing paper waste and waiting times.

There are also innovations taking place in terms of QR codes and augmented reality (AR) solutions to enable digital marketing offerings. This means that printed collateral doesn’t need to physically sent out in the post. The more that these types of communications are sent out digitally, the more that consumers see a tangible commitment to sustainable practices.

Banks can even take an additional step by deploying third-party partners to track the CO2 footprint involved with every purchase or payment. By opting for organisations that have a solid track record in green practices, such as supporting product certifications and information on eco-products and their claims, they can make steps to compensate for each transaction carbon footprint.

Contributing to the green story

To ensure they don’t come under any criticism regarding their environmental claims, banks and financial institutions have the opportunity to adopt sustainable practices that align with their customers’ expectations for eco-friendly commitments in both their physical and digital services. They can introduce banking cards made from recycled or entirely compostable materials, eliminating plastic waste.

Digitally, banks can minimise unnecessary paper use by employing online applications to simplify the process of delivering PINs. By innovating in these domains, they can fulfil their environmental responsibilities and establish that essential trust with consumers, contributing positively to the planet’s wellbeing.

Continue Reading

Business

Successfully dealing with the unintended consequences of change

by Daniel Norman, Change Management Consultant at Symatrix

Most people dislike change. We are drawn to stability and established routines and feel unsettled when anything happens to disrupt the ‘status quo’. It’s bad enough when the local supermarket moves the bread section – but when the company we work for introduces a new digital system that completely changes how we work, it feels like ‘the sky is falling in’.

When change happens within businesses, there may initially be some resistance from employees: whether it be in the form of avoiding new systems, skipping training, clinging to old methods, or even quitting altogether. Change in business is a constant, however, and it is usually driven by a desire for improvement, and typically over time, becomes the new normal.

Good change management is all about smoothing this process of transition and that means engaging with people and helping them to seamlessly switch to a new model or ways of working.  Change management is not just concerned with implementing new systems or processes; it is just as much about listening intently to colleagues, customers, and stakeholders.

It’s working with people to get things right, building a deep understanding of the challenges we and our colleagues face, and shaping the vision for a future that resonates with people. Change is most successful when everyone feels they have a part to play in moving things forward. And that’s true of all change initiatives, large and small.

Finding a way forward

When it comes to managing change, it’s important to recognise that everyone will have their own journey; they’ll work through things at their own pace, and that’s more sustainable than pretending we’ll all arrive at the same point at the same time.

 It’s also important to focus on creating a supportive environment, or the right conditions for people to adapt, with as little friction as possible. The goal is to establish conditions that minimise friction and foster a collective sense of purpose. This philosophy is crucial in creating a environment conducive to individual and organisational growth.

Getting the planning process right

When planning for change, it’s essential to consider both the intended and unintended consequences. Just as technological advancements like social media have transformed communication but also introduced challenges such as misinformation and mental health concerns, organisational changes can have extensive, unforeseen impacts. A thorough exploration of current operational practices, beyond process maps or managerial assertions, is therefore, always a vital feature of any effective change management approach.

For that reason, it can often be a mistake to pull out those process maps the team updated 12 months ago or rely on the word of line managers that will tell you ‘this is how we operate’ without taking into consideration the work-arounds or simplifications that employees have developed over time.

Teams will naturally evolve, and patterns of work; ways of doing things that aren’t written down, will always be there. A good change manager must always be cognisant of that. Even small changes, like when a key person in the team changes roles, can have a big impact.

To manage change well, it’s important to talk to the people who will be most affected by it. This helps change managers to plan and effectively execute the change journey. By ignoring these key considerations, organisations risk their change strategy stalling from the outset and the opportunity for operational efficiencies may therefore never be fully realised.

Throughout the process, it is crucial to continuously monitor and measure the impact of change on all key stakeholders. One effective way of doing that is by embracing the principle of change curves: a popular model organisations can use to understand the different stages people and the organisation go through when a change occurs.

An effective strategy involves mapping stakeholders against this curve, whether as individuals or groups, during project check-ins. This approach can help project leaders gauge the current position of every team member on the curve, the impact of the project’s upcoming phase on them, or their colleagues, and additional support measures that could be implemented. Such an assessment facilitates a more tailored and effective change management strategy, ensuring stakeholders are adequately supported throughout the transition.

Not everything will run like clockwork, of course, no matter the change management approach that is put in place. Challenges, setbacks, and opportunities for improvement are inherent to any process, but proactive anticipation and planning for potential worst-case scenarios and unintended consequences significantly enhance our ability to support our colleagues and teams effectively. This strategic foresight is crucial in managing transitions smoothly and realising the intended benefits of initiatives.

A positive route ahead

Change, especially in business, are inevitable and often aimed at fostering improvement and growth. However, the journey through change is deeply personal and varies from one individual to another. By acknowledging this, creating a supportive environment, and engaging with all stakeholders, organisations can navigate the complexities of change with minimal resistance and maximum efficiency.

Effective change management, therefore, is not just about the technical implementation of new systems but about genuinely listening to and working with people to adapt and thrive in new circumstances. It’s about understanding the nuanced ways teams operate, the unofficial shortcuts and workarounds they’ve developed, and considering the broader implications of change beyond immediate operational efficiencies. Through a thoughtful approach that anticipates challenges and values stakeholder input, organisations can not only manage change but turn it into a catalyst for positive transformation and growth.

It is clear then that while people may inherently dislike change, with the right conditions, support, and leadership, the transition can become a journey of collective progress and innovation. Change, managed well, can transform the initial discomfort into an opportunity for development, making the once feared ‘sky falling in’ scenario a launchpad for reaching new heights.

Continue Reading

Business

Embedded finance: What consulting firms need to know

By Michael Pierce, VP of Sales at Toqio

Consulting firms are the architects of change in the business world, offering insights and solutions that guide companies toward growth and success. They navigate the intricate landscape of markets and industries, providing invaluable advice to their clients. In this evolving milieu, an opportunity is arising as embedded finance enters the scene, creating a unique and prospectively vital synergy between consultants and platform providers.

Embedded finance, especially within the scope of B2B enterprises, is a hot topic right now among consultancies and the outlook seems to be quite positive.

To date, much of the initial traction in embedded finance has been in the consumer sector, with products such as no- or low-interest financing, buy-now-pay-later (BNP), and others. On the B2B side, there is an increasing amount of mobilization. In recent months we’ve seen incumbent banks either entering the banking-as-a-service (BaaS) market or enabling their services through open banking partnerships, while strategy firms are busy advising corporate entities on the potential routes they can take. Early adopters have already made embedded finance a cornerstone of their digital or financial transformation programs: MVPs and proofs of concept have been on the rise.

As we all peer forward, the market is starting to look for scalable use cases to take advantage of these massive, predicted opportunities. Companies are searching for solutions that go beyond the hype.

For consulting firms, the messaging remains positive. The fundamentals of embedded finance drive strong service revenue. Even more importantly, the business cases for their clients stack up as well. Numerous opportunities are on the table when consultants incorporate embedded finance platforms into their projects, including increased revenue, improved retention rates, access to a wider range of data for better decision-making, and many more.

Adaptability delivers excellent results

Embedded finance helps to break down barriers faced by many companies when trying to access affordable financial services. By integrating financial services directly into the supply chain, companies can enjoy many benefits, such as liquidity management, credit accessibility, risk mitigation, and many others. That’s one of the reasons why embedded finance platforms are proving to be the latest addition to the consultant’s toolkit. They offer a wide array of solutions that enable businesses to integrate financial services into their products and services. What makes embedded finance platforms especially appealing to consultants is their adaptability and scalability.

Consulting firms understand the need for versatile solutions capable of addressing various business requirements. Versatility and adaptability are key, giving consultants the flexible tools they need to deliver on time and within budget.

Embedded finance platforms are a natural extension of consulting firms’ capabilities as they offer a comprehensive range of financial solutions that integrate perfectly into existing business processes. This alignment provides consulting firms with several advantages, such as  enhanced client services, data-driven insights, streamlined processes, scalability, and versatility.

A match made in finance

The compatibility between consulting firms and embedded finance platforms is readily apparent. Consultants excel at diagnosing business issues and embedded finance platforms provide a precise prescription for financial enhancements.

There is an extensive list of benefits that consulting firms can get from platforms like this. Diversifying their business is just one of them as embedded finance platforms augment the services that consultants offer. They allow consultants to present clients with solutions for intricate business ecosystem operations, such as payment processing, receivables management, and liquidity optimization.

Partnering with an embedded finance platform can also open up new revenue streams as well as being able to scale the solutions built with more agility. Consultants can use them to address the unique needs of projects of any size, whether working with an SME or a multinational enterprise.

The relationship between consulting firms and embedded finance platforms isn’t just about expanding services, it’s about offering integrated financial solutions that improve efficiency, profitability, and competitiveness. This partnership drives results. In a world where businesses seek comprehensive solutions, embedded finance platforms empower consulting firms to address complex financial challenges effectively.

Continue Reading

Copyright © 2021 Futures Parity.