With all-the-time connectivity, comes all-the-time cyber risk
Cyber insurance, which covers cyber risk, has emerged as a “must have” for banks. It is directly related to electronic banking, the internet, and being connected 7x24x365. Point: When your institution is connected to the internet all of the time, you are vulnerable to attack all of the time! Just this week the Peoples Republic of China faced cyber risk. The target consisted of a massive denial of service. The reality is that your institution is constantly exposed to numerous cyber risks and just because you have firewalls, virus protection and a competent staff does not mean you’re protected. In comes cyber insurance, a product that covers cyber risk, when your electronic environment is compromised by the bad guys or, if it doesn’t fully cover, it is a way to at least partially offset the potential costs and losses if your institution falls victim to such an attack.
Point: Criminal elements are trying to compromise your system security and your customer data. There are foreign governments that sponsor cyber-espionage too, and they have huge resources at their disposal.
The big question is: how could you possibly know enough about the topic of cyber security to confidently acquire the correct policy and coverage? Should you rely exclusively on your insurance agent to provide you with adequate coverage? Here’s one way to assess your knowledge of cyber risks, courtesy of New York State.
To test institutional knowledge and awareness of the risks associated with cyber space, the New York State Department of Financial Services, which is the examiner for state chartered banks, created and distributed a questionnaire on the topic. The objective of the questionnaire, in our opinion, is a shot across the leadership bow of the banks in the state to raise awareness and responsibility. The document presents bank boards and executive management teams with tough questions on the cyber security and is clearly trying to determine how aware and prepared institutions are.
More regulation? Absolutely not! Increasing concern? Absolutely yes, and their concern is legit! Why? Because there remains financial institutions in the industry that continue to offer internet facing banking products that do not have adequate internet security! Nor do they have monitoring programs to identify suspicious activity. The main line of defense at these institutions is to wait until the customer complains.
No matter how you look at it, the threat is real. Furthermore, as you your institution continues to expand the offering of internet based services, your risk and exposure increases.
Here’s a tip, hire a cyber-security expert to evaluate your organization, but before you do, try to complete the survey below without any assistance. It is an excellent tool to use in determining how much you don’t know, but need to!