Page 20 - Risk Management Bulletin April -June 2021
P. 20

RMAI BULLETIN APRIL TO JUNE 2021


             With the rise of digitization, comes the rise in threat  considered unavoidable. Banks find ways of
             of cyber-attacks. In the past few years we have seen  transferring the risk of loss due to such unavoidable
             numerous cyber-attacks on corporate as well as   events through insurance. So to mitigate the risk it is
             individuals. Malwares like WannaCry, Ransomeware  necessary to transfer the risk through cyber insurance.
             etc., left the American and European nations perplexed
             as the most valuable of the lot - DATA, was made  Cyber insurance is a customized insurance offering
             vulnerable and the cyber theft has resulted in hackers  comprehensive cover for third party liability and first
             siphoning off money from the big corporate and left  party expenses a bank may incur arising out of
             the database accessible to the hackers. This has raised  unauthorized access or use of its physical and
             the crime rate and a new type of war began which we  electronic data or software. Cyber insurance policies
             can term as cyber war or cyber terrorism. Here, the  can also provide coverage for liability, costs and
             terrorist organizations with the use of high end  expenses arising from network intrusion, the spreading
             technology and algorithms attack the confidential  of a virus or malicious code, computer theft or
             government database and extorts a hefty sum from  extortion.
             the nations for decrypting the same.
                                                              Cyber insurance also provides cover for business
             As the custodian of public's money, banks needs to  interruption and the cost of notifying customers and
             build on the CIA Triad (Confidentiality, Integrity, and  regulatory investigations or actions in case of a breach,
             Availability). Here most important factor is to protect  without the requirement for physical damage that is
             the customer data. With millions of consumers    a standard trigger under property policies. The Reserve
             transacting with banks online every year, it is a bank's  Bank of India highlighted the need for Indian Banks to
             obligation to put mechanisms in place to stop the loss  obtain Cyber Crime Insurance in its Internet Banking
             of Personally Identifying Information (PII), transactional  Guidelines of June 14, 2001 to ensure that customers
             data of its customers, and bank's internal sensitive  are spared from phishing liabilities.
             information. It is also the bank's responsibility to
             respond in an efficient and effective manner in case  Cyber insurance policies are designed to
             of such losses. Cyber frauds are a fast emerging threat  address many variables within the online
             to most of the business entities and more so to  realm and can include:
             financial institutions, including banks.
                                                              Y  The liability of the bank arising from data
                                                                 protection laws.
             Banks have been building suitable cyber defense
             systems to detect and prevent cyber-attacks and  Y  The management of personal data and the
             minimize, if not avoid, financial losses. For the bank,  consequences of losing personal identifying
             the most valuable assets are its customer. For a    information.
             customer it is the trust factor that plays a significant
                                                              Y  Repair of banks' reputation Notification and
             role in building long term relationships with any   monitoring costs.
             banking institution. So for the banks it becomes
             pertinent to identify the risk involved with online cyber  Y  Cyber extortion and network interruption.
             frauds and as a matter of saving the institution from
             Reputational risk loss, adopt risk mitigation measures
             so that the banker-customer relation remains intact.

             Cyber Insurance - A Risk Transfer
             Measure
             Business losses can occur by two ways i.e., naturally
             occurring losses caused due to natural calamities, like
             fire , earthquake, floods etc. and the other human
             induced losses, caused due to malafide intentions or
             by certain acts of thefts be it physical theft or cyber
             theft. Though not natural, thefts and robberies are also


                                                           18
   15   16   17   18   19   20   21   22   23   24   25