Leyton Jefferies, head of cyber security services, CSI LTD
The rise of ransomware attacks, and insurance companies paying hundreds of millions in cybersecurity-related claims each year are being blamed for organisations now facing rising cyber insurance rates, tightening of standards, and limiting coverage. With average ransom payments reaching $812,000 during 2021, the true cost of ransomware is in fact much more when the cost of downtime and reputational damage is factored in.
Cyber insurance protects businesses against internet-based risks, such as data breaches, cyber attacks and other threats. Policies generally cover expenses associated with a cyber incident such as investigation, legal fees, customer notification costs and regulatory fines.
However, the recent trend of insurance companies tightening their standards has been found to be a particular challenge for organisations with recent research by CSI Ltd finding that only 2 in 10 (19%) security decision makers are fully confident that their cyber insurance will cover their cyber risk in 2023. Less than a third (29%) were fully confident that they were compliant with the new stricter terms that insurance companies are now stipulating.
Yet, the risk level only looks to increase. CSI Ltd’s research found that 78% of organisations believe the current cost-of-living crisis will increase the risk of a cyber threat occurring in their organisation. When asked what factors they anticipate will increase due to the economic climate, 43% said fraud and phishing attempts, 45% said new and emerging threats, 39% said greater risk of supply chain partners being breached and 34% said reduced budgets leading to lack of third-party services and tools.
Companies now need to demonstrate that they have taken adequate steps to safeguard their IT infrastructure before they are granted cyber insurance. It’s now essential to be proactive and implement effective security controls to thwart cyber-attacks. A reactive approach to identifying and responding to a cyber attack is no longer acceptable and will not only make it difficult to obtain cyber insurance, it will also put the company at significant risk of financial and reputational damage in the event of a breach.
Whilst the prospect of having no cover may be daunting, it perhaps serves as a point of reflection for companies to adequately reassess their own security posture and strengthen it where required. So how can organisations ensure that they are operating on the front foot when it comes to their cyber security posture?
Immutable backup and disaster recovery
One of the essential controls for an organisation is immutable backup and disaster recovery. Backups allow companies to restore their systems and data quickly after a cyber-attack, while immutable backups guarantee that the data is not altered or deleted, even by an attacker with administrative privileges. This ensures that a company can quickly recover from an attack without losing data or compromising the integrity of it.
Endpoint detection and response (EDR)
EDR is another control that should be included as part of an organisation’s arsenal to reduce cyber risk. EDR technology provides real-time visibility and response capabilities into the endpoints of a company’s network. This allows security teams to detect and respond to threats quickly.
Managed detection and response (MDR)
MDR is a service that combines technology with human expertise to monitor a company’s network and identify potential threats. It provides proactive defence against attacks by detecting and responding to them before they can cause harm.
A significant proportion of external breaches are due to unpatched vulnerabilities. A poor patching regime can have catastrophic consequences on systems, personally identifiable information, and intellectual property.
Keeping software and operating systems up to date with the latest security patches is crucial to prevent known vulnerabilities from being exploited by attackers. Patch management as a discipline also plays a crucial role in improving stability and functionality.
Multi-factor authentication (MFA)
MFA requires users to provide more than one form of authentication before accessing a system or application. This additional layer of security helps to prevent unauthorised access and protects against phishing attacks.
Strengthening security posture is the real win
Cyber insurance can bring peace of mind for organisations, after all, it’s not a case of ‘if’ but ‘when’ they may fall victim to a cyber-attack. Cyber insurance can help you recover from external attacks from bad actors as well as oversights from within the business, putting the focus back on the core operations.
However, taking a proactive approach to reducing your risk profile will increase your overall security stance – which is a win, regardless of whether you have cyber insurance or not.
Embedded Finance: The Opportunity Ahead
By Eduardo Martinez Garcia, CEO & Co-founder of Toqio
The current financial landscape is undergoing a significant transformation, disrupting the long-established dominion of major banks and other large financial institutions. Embedded finance, a concept that has thrived in the realm of digital consumer products, is now steadily infiltrating the corporate domain, poised to revolutionize the financial sector further.
This paradigm shift is manifesting in a multitude of ways, with digital embedded finance increasingly becoming an integral part of corporate digital offerings. Distributor payment processing, lending services for suppliers, and supply chain financing are all becoming commonplace – the versatility of corporate embedded finance knows no bounds. Despite the diverse applications the core objectives remain consistent, including enhancing B2B processes, mitigating risks, and fortifying business relationships.
Corporate embedded finance promises to deliver substantial value over the course of the next decade. A burgeoning opportunity beckons, estimated to be worth an astonishing USD 3.7 trillion over the next five years alone. Remarkably, more than 50% of businesses have expressed a preference for cash flow financing through platforms rather than traditional banks, as per a report by McKinsey. The shift observed in consumer embedded finance adoption is creeping into the B2B landscape, and moving more quickly all the time. Consequently, if the high level of adoption of consumer embedded finance carries over into the B2B space, and it’s certainly expected to, we’re genuinely looking at the next big thing.
Customers are no longer passive passengers in their financial journeys; they have emerged as the navigators, steering the industry’s course while financial institutions focus on risk management. Banks and non-banking financial institutions (NBFIs) remain pivotal, but their control of products is waning. Companies, intimately acquainted with their customers and partners, possess a deeper understanding of their collaborative ecosystem. Consequently, they are better equipped to tailor their financial offerings to meet the needs of their business relationships.
Take Amazon, for instance, which has been offering loans to small businesses operating on its platform for years. Amazon evaluates risk based on a merchant’s payment history, sales volume, projected revenue, and other critical data points. This approach enables Amazon to provide additional value to its sellers while securing a foothold in the financing market. The close rapport Amazon shares with its small business partners positions it with substantially less risk compared to conventional banks.
Shopify has also ingeniously woven embedded finance into the very fabric of its offering. While its core service revolves around delivering an efficient, subscription-based e-commerce platform, it also provides payment processing and lending services, among a myriad of other financial solutions. Shopify boasts an extensive reservoir of data, allowing it to make informed decisions about the financial products it can offer to merchants, all while keeping risk to a minimum.
Historically, financial products have fallen within the purview of major corporations either through partnerships with third parties or in-house service creation. Nevertheless, the rise of digital channels has expedited the decentralization of financial services, and it’s snowballing. Companies spanning various industries, from automakers to retail giants, are recognizing the immense untapped potential in taking control of many functions traditionally handled by financial institutions. While financial institutions will endure, their role is evolving. Their strengths are assessment, management, and specialized services. They must pivot towards analyzing data from a multitude of sources, diving into data lakes to provide genuinely useful risk assessments.
Incumbent banks have demonstrated their staying power and adaptability time and time again, mostly due to being able to leverage their size and relative dependability. They’ve capitalized on their vast customer bases, regulatory compliance expertise, and extensive branch networks to maintain a competitive edge. Additionally, incumbent banks have finally begun to recognize the need to adapt to changing customer expectations and digital transformation.
The future of core banking is likely to strike a balance between fintech disruptors and established incumbents. Collaboration and partnerships between incumbents and fintech startups tend to drive innovation, offering customers cutting-edge digital experiences. Big banks are probably going to find their place in the market modified, and not necessarily in a bad way.
Incumbents and financial behemoths have long been oriented toward long-term financial products, such as 30-year mortgages. But what about short-term business loans? Consider the restaurateur seeking a swift three-month loan to renovate a kitchen or the farmer unable to repay a loan until the crops are harvested and sold, a process spanning six months or more. For traditional banks, these scenarios represent short-term debts, a situation they tend to avoid. This presents a prime opportunity for companies to tailor products that cater to these specific needs, allowing them to define the space.
The evolution of embedded finance is commencing with payments, as it represents one of the least regulated segments in finance, offering ample room for innovation. Credit, closely trailing payments in significance, holds paramount importance. What’s really exciting is that as corporate giants blaze the trail, they pave the way for others to follow suit. This means that small and medium-sized enterprises will also be able to get involved, making embedded finance more inclusive within a given business ecosystem.
Eduardo Martinez Garcia is the CEO & Co-Founder of Toqio. He is an avid entrepreneur who has set up and run successful global ventures in the UK, Spain, and South Africa over the course of the last 20 years.
Hype, Hysteria & Hope: AI’s Evolutionary Journey and What it Means for Financial Services
Source: Finance Derivative
Written by Gabriel Hopkins, Chief Product Officer at Ripjar
Almost a year to the day since ChatGPT launched, the hype, hysteria, and hope around the technology shows little signs of abating. In recent weeks OpenAI chief Sam Altman was removed from his position, only to return some days later. Rishi Sunak hosted world leaders at the UK’s AI Safety Summit, interviewing the likes of Elon Musk in front of an assembly of world leaders and tech entrepreneurs. While behind the scenes, AI researchers are rumoured to be close to even more breakthroughs within weeks.
What does it all mean for those industries that want to benefit from AI but are unsure of the risks?
It’s possible that some forms of machine learning – what we used to call AI – have been around for a century. Since the early 1990s, those tools have been a key operational element of some banking, government, and corporate processes, while being notably absent from others.
So why the uneven adoption? Generally, that has been related to risk. For instance, AI tools are great for tasks like fraud detection. It’s a well-established that an algorithm can do things that analysts simply can’t by reviewing vast swathes of data in milliseconds. And that has become the norm, particularly because it is not essential to understand each and every decision in detail.
Other processes have been more resistant to change. Usually, that’s not because an algorithm couldn’t do better, but rather because – in areas such as credit scoring or money laundering detection – the potential for unexpected biases to creep in is unacceptable. That is particularly acute in credit scoring when a loan or mortgage can be declined due to non-financial characteristics.
While the adoption of older AI techniques has been progressing year after year, the arrival of Generative AI, characterised by ChatGPT, has changed everything. The potential for the new models – both good and bad – is huge, and commentary has divided accordingly. What is clear is that no organisation wants to miss out on the upside. Despite the talk about Generative and Frontier models, 2023 has been brimming with excitement about the revolution ahead.
A primary use case for AI in the financial crime space is to detect and prevent fraudulent and criminal activity. Efforts are generally concentrated around two similar but different objectives. These are thwarting fraudulent activity – stopping you or your relative from getting defrauded – and adhering to existing regulatory guidelines to support anti-money laundering (AML), and combatting the financing of terrorism (CFT).
Historically, AI deployment in the AML and CFT areas has faced concerns about potentially overlooking critical instances compared to traditional rule-based methods. Within the past decade, and other regulators initiated a shift by encouraging innovation to help with AML and CFT cases. Despite the use of machine learning models in fraud prevention over the past decades, adoption in AML/CFT has been much slower with a prevalence for headlines and predications over actual action. The advent of Generative AI looks likely to change that equation dramatically.
One bright spot for AI in compliance over the last 5 years, has been in customer and counterparty screening, particularly when it comes to the vast quantities of data involved in high-quality Adverse Media (aka Negative News) screening where organisations look for the early signs of risk in the news media to protect themselves from potential issues.
The nature of high-volume screening against billions of unstructured documents has meant that the advantages of machine learning and artificial intelligence far outweigh the risks and enable organisations to undertake checks which would simply not be possible otherwise.
Now banks and other organisations want to go a stage further. As Generation AI models start to approach AGI (Artificial General Intelligence) where they can routinely outperform human analysts, the question is when, and not if, they can use the technology to better support decisions and potentially even make the decisions unilaterally.
AI Safety in Compliance
The 2023 AI Safety Summit was a significant milestone in acknowledging the importance of AI. The Summit resulted in 28 countries signing a declaration to continue meetings to address AI risks. The event led to the inauguration of the AI Safety Institute, which will contribute to future research and collaboration to ensure its safety.
Though there are advantages to having an international focus on the AI conversation, the GPT transformer models were the primary focus areas during the Summit. This poses a risk of oversimplifying or confusing the broader AI spectrum for unaccustomed individuals. There is a broad range of AI technologies with hugely varying characteristics. Regulators and others need to understand that complexity. Banks, government agencies, and global companies must exert a thoughtful approach to AI utilisation. They must emphasise its safe, careful, and explainable use when leveraged inside and outside of compliance frameworks.
The Road Ahead
The compliance landscape demands a review of standards for responsible AI use. It is essential to establish best practices and clear objectives to help steer organisations away from hastily assembled AI solutions that compromise accuracy. Accuracy, reliability, and innovation are equally important to mitigate fabrication or potential misinformation.
Within the banking sector, AI is being used to support compliance analysts already struggling with time constraints and growing regulatory responsibilities. AI can significantly aid teams by automating mundane tasks, augmenting decision-making processes, and enhancing fraud detection.
The UK can benefit from the latest opportunity. We should cultivate an innovation ecosystem with is receptive to AI innovation across fintech, regtech, and beyond. Clarity from government and thought leaders on AI tailored to practical implementations in the industry is key. We must also be open to welcoming new graduates from the growing global talent pool for AI to fortify the country’s position in pioneering AI-driven solutions and integrating them seamlessly. Amid industry change, prioritising and backing responsible AI deployment is crucial for the successful ongoing battle against all aspects of financial crime.
Using AI to support positive outcomes in alternative provision
By Fleur Sexton
Fleur Sexton, Deputy Lieutenant West Midlands and CEO of dynamic training provider, PET-Xi, with a reputation for success with the hardest to reach,
discusses using AI to support excluded pupils in alternative provision (AP)
Exclusion from school is often life-changing for the majority of vulnerable and disadvantaged young people who enter alternative provision (AP). Many face a bleak future, with just 4% of excluded pupils achieving a pass in English and maths GCSEs, and 50% becoming ‘not in education, employment or training’ (NEET) post-16.
Often labelled ‘the pipeline to prison’, statistics gathered from prison inmates are undeniably convincing: 42% of prisoners were expelled or permanently excluded from school; 59% truanted; 47% of those entering prison have no school qualifications. With a prison service already in crisis, providing children with the ‘right support, right place, right time’, is not just an ethical response, it makes sound financial sense. Let’s invest in education, rather than incarceration.
‘Persistent disruptive behaviour’ – the most commonly cited reason for temporary or permanent exclusion from mainstream education – often results from unmet or undiagnosed special educational needs (SEN) or social, emotional and mental health (SEMH) needs. These pupils find themselves unable to cope in a mainstream environment, which impacts their mental health and personal wellbeing, and their abilities to engage in a positive way with the curriculum and the challenges of school routine. A multitude of factors all adding to their feelings of frustration and failure.
Between 2021/22 and 2022/23, councils across the country recorded a 61% rise in school exclusions, with overall exclusion figures rising by 50% compared to 2018/19. The latest statistics from the Department for Education (DfE), show pupils with autism in England are nearly three times as likely to be suspended than their neurotypical peers. With 82% of young people in state-funded alternative provision (AP) with identified special educational needs (SEN) and social emotional and mental health (SEMH) needs, for many it is their last chance of gaining an education that is every child’s right.
The Department for Education’s (DfE) SEND and AP Improvement Plan (March 2023).reported, ‘82% of children and young people in state-place funded alternative provision have identified special educational needs (SEN) 2, and it (AP) is increasingly being used to supplement local SEND systems…’
Some pupils on waiting lists for AP placements have access to online lessons or tutors, others are simply at home, and not receiving an education. In oversubscribed AP settings, class sizes have had to be increased to accommodate demand, raising the pupil:teacher ratio, and decreasing the levels of support individuals receive. Other unregulated settings provide questionable educational advantage to attendees.
AI can help redress the balance and help provide effective AP. The first challenge for teachers in AP is to engage these young people back into learning. If the content of the curriculum used holds no relevance for a child already struggling to learn, the task becomes even more difficult. As adults we rarely engage with subjects that do not hold our interest – but often expect children to do so.
Using context that pupils recognise and relate to – making learning integral to the real world and more specifically, to their reality, provides a way in. A persuasive essay about school uniforms, may fire the debate for a successful learner, but it is probably not going to be a hot topic for a child struggling with a chaotic or dysfunctional home life. If that child is dealing with high levels of adversity – being a carer for a relative, keeping the household going, dealing with pressure to join local gangs, being coerced into couriering drugs and weapons around the neighbourhood – school uniform does not hold sway. It has little connection to their life.
Asking the group about the subjects they feel strongly about, or responding to local news stories from their neighbourhoods, and using these to create tasks, will provide a more enticing hook to pique their interest. After all, in many situations, the subject of a task is just the ‘hanger’ for the skills they need to learn – in this case, the elements of creating a persuasive piece, communicating perspectives and points of view.
Using AI, teachers have the capacity to provide this individualised content and personalised instruction and feedback, supporting learners by addressing their needs and ‘scaffolding’ their learning through adaptive teaching.
If the learner is having difficulty grasping a concept – especially an abstract one – AI can quickly produce several relevant analogies to help illustrate and explain. It can also be used to develop interactive learning modules, so the learner has more control and ownership over their learning. When engaged with their learning, pupils begin to build skills, increasing their confidence and commitment.
Identifying and discussing these skills and attitudes towards learning, with the pupil reflecting on how they learn and the ways they learn best, also gives them more agency and autonomy, thinking metacognitively.
Gaps in learning are often the cause of confusion, misunderstandings and misconceptions. If a child has been absent from school they may miss crucial concepts that form the building blocks to more complex ideas later in their school career. Without providing the foundations by filling in these gaps and unravelling the misconceptions, new learning may literally be impossible for them to understand, increasing frustration and feelings of failure. AI can help identify those gaps, scaffold learning and build understanding.
AI is by no means a replacement for teachers or teaching assistants, it is purely additional support. Coupled with approaches that promote engagement with learning, AI can enable these disadvantaged young people to access an education previously denied them.
According to the DfE, ‘All children are entitled to receive a world-class education that allows them to reach their potential and live a fulfilled life, regardless of their background.’ AI can help support the most disadvantaged young people towards gaining the education they deserve, and creating a pathway towards educational and social equity.