R&C: How would you describe the cyber security threats and data privacy concerns currently facing financial institutions?

van den Dool: For financial institutions, it is the complexity of their IT landscapes that create particular cyber security and data privacy threats. Yes, there are all kinds of threats out there and a fast-changing set of data privacy requirements, but the real challenge they face lies in identifying their critical assets and knowing where they are. That is why these risks are so difficult for them to manage. Many financial institutions have grown rapidly through mergers and acquisitions without, in many cases, de-complicating their IT environments along the way. So in many cases, along with managing the increasingly large volumes of sensitive privacy data for which they have become responsible, they are also struggling to understand their most critical assets and data across incredibly diverse and complex business environments. Remember, financial services is one of the most connected industries around. Huge transactions are being cleared by IT systems without any human interaction. This introduces new levels of complexity and far higher levels of risk for attack and fraud scenarios. Add to that new channels like mobile banking, new payment methods and huge levels of automated activity taking place at high velocity and it is an extremely challenging proposition.

Bannon: It is fair to say that the cyber risk environment has not abated in any way. If anything, all the evidence clearly suggests that this is a risk affecting all industries, not just financial institutions. Cyber security as a threat is going to be here for as far as we can see. It is really a function of the advancement and convergence of technologies, and the posture for the insurance market is that this is represents the newly normalised business environment. Clearly, it is the responsibility of the insurance industry to support the key pillars of our economy, such as the financial sector, to really address the risks financial institutions are facing and determine what the insurance industry can do to ensure that those risks are removed from the system. A recent report by the US network security company FireEye revealed that one of the most notable developments in the cyber security landscape during the second half of 2015 was the 300 percent increase in the number of advanced targeted cyber threats against the financial sector – a stark and dramatic increase in the threat landscape. So the data is telling us that there will always be an ambient noise level around financial institutions and their susceptibility to increased cyber attacks.

Jul-Sep 2016 Issue




Jones Day

Zurich Insurance Group