Page 20 - Risk Management Bulletin April -June 2021
P. 20
RMAI BULLETIN APRIL TO JUNE 2021
With the rise of digitization, comes the rise in threat considered unavoidable. Banks find ways of
of cyber-attacks. In the past few years we have seen transferring the risk of loss due to such unavoidable
numerous cyber-attacks on corporate as well as events through insurance. So to mitigate the risk it is
individuals. Malwares like WannaCry, Ransomeware necessary to transfer the risk through cyber insurance.
etc., left the American and European nations perplexed
as the most valuable of the lot - DATA, was made Cyber insurance is a customized insurance offering
vulnerable and the cyber theft has resulted in hackers comprehensive cover for third party liability and first
siphoning off money from the big corporate and left party expenses a bank may incur arising out of
the database accessible to the hackers. This has raised unauthorized access or use of its physical and
the crime rate and a new type of war began which we electronic data or software. Cyber insurance policies
can term as cyber war or cyber terrorism. Here, the can also provide coverage for liability, costs and
terrorist organizations with the use of high end expenses arising from network intrusion, the spreading
technology and algorithms attack the confidential of a virus or malicious code, computer theft or
government database and extorts a hefty sum from extortion.
the nations for decrypting the same.
Cyber insurance also provides cover for business
As the custodian of public's money, banks needs to interruption and the cost of notifying customers and
build on the CIA Triad (Confidentiality, Integrity, and regulatory investigations or actions in case of a breach,
Availability). Here most important factor is to protect without the requirement for physical damage that is
the customer data. With millions of consumers a standard trigger under property policies. The Reserve
transacting with banks online every year, it is a bank's Bank of India highlighted the need for Indian Banks to
obligation to put mechanisms in place to stop the loss obtain Cyber Crime Insurance in its Internet Banking
of Personally Identifying Information (PII), transactional Guidelines of June 14, 2001 to ensure that customers
data of its customers, and bank's internal sensitive are spared from phishing liabilities.
information. It is also the bank's responsibility to
respond in an efficient and effective manner in case Cyber insurance policies are designed to
of such losses. Cyber frauds are a fast emerging threat address many variables within the online
to most of the business entities and more so to realm and can include:
financial institutions, including banks.
Y The liability of the bank arising from data
protection laws.
Banks have been building suitable cyber defense
systems to detect and prevent cyber-attacks and Y The management of personal data and the
minimize, if not avoid, financial losses. For the bank, consequences of losing personal identifying
the most valuable assets are its customer. For a information.
customer it is the trust factor that plays a significant
Y Repair of banks' reputation Notification and
role in building long term relationships with any monitoring costs.
banking institution. So for the banks it becomes
pertinent to identify the risk involved with online cyber Y Cyber extortion and network interruption.
frauds and as a matter of saving the institution from
Reputational risk loss, adopt risk mitigation measures
so that the banker-customer relation remains intact.
Cyber Insurance - A Risk Transfer
Measure
Business losses can occur by two ways i.e., naturally
occurring losses caused due to natural calamities, like
fire , earthquake, floods etc. and the other human
induced losses, caused due to malafide intentions or
by certain acts of thefts be it physical theft or cyber
theft. Though not natural, thefts and robberies are also
18
