Navigating your cyber risks

In an era dominated by digital transformation, wealth managers are perched on the precipice of cyber risk. As businesses increasingly digitise their operations, the allure of efficiency and convenience is accompanied by a lurking threat: the ever-evolving realm of cyber threats.

For years, wealth managers have had a reputation as an appealing target for cybercriminals looking to exploit the vast amount of sensitive client data and client monies they hold. The National Cyber Security Centre (NCSC) along with the Information Commissioner’s Office (ICO) continue to remind firms of their role in reducing cyber risk, and particularly ransomware risk – the biggest online threat to the UK. Therefore, it’s vital that businesses understand what they can do to reduce the risk of a cyber attack.

Ransomware payments on the rise

Ransomware attacks have become increasingly problematic as cybercriminals realise the value of extorting and disclosing sensitive data. In the past, ransomware attackers would infiltrate a business’s systems, encrypt data, and demand payment. However, the introduction of data exfiltration adds a new layer of complexity. Now, attackers threaten to publish stolen data unless ransom demands are met. This tactic significantly amplifies the potential reputational damage, making businesses more inclined to pay the ransom, even if they have backup systems in place.

Evidence suggests this strategy is working. The cybersecurity firm Sophos revealed that ransomware payments have nearly doubled in the past year, with UK companies paying more than the global average. It found that average ransomware payments globally rose to $1.5m, up from $812,000 the previous year. By contrast, the average payment made by UK organisations stood at $2.1m. The NCSC has also expressed concerns regarding the intersection of ransomware and artificial intelligence, which further exacerbates cyber risks.

The impact of ransomware risk transfer

Ransomware attacks can wreak havoc on a business’s operations in a matter of minutes and cause serious financial harm. As such, cyber insurance plays a critical role in mitigating the financial and operational fallout of cyber attacks.

In one case study, a professional services firm suffered an elaborate ransomware attack in which all its computer systems and data were encrypted, including customer data. The ransomware also encrypted the company’s backups. Unable to afford the ransom demand, the company reached out to its insurer. Within minutes, the insurer’s security incident response team contacted company employees to diagnose the damage and minimise further loss.

Ultimately, the insurance not only covered the ransom demand but also provided support for business interruption, forensic investigation, and data restoration.

Cybersecurity best practice

Leading experts in cybersecurity and risk management advocate for robust cybersecurity measures as a strategic necessity rather than a luxury. Likewise, insurers now demand stringent cybersecurity controls before offering coverage. These controls include:

  • Multi-factor authentication (MFA)
  • Endpoint detection and response
  • Secure data backups
  • Comprehensive staff training
  • Segregation of end-of-life systems
  • Timely patch management
  • Email filtering and password management

Moreover, businesses are encouraged to implement preventative and detective controls such as privileged access management, business continuity planning, and continuous monitoring. While insurers may vary in their specific requirements, adhering to these standards is considered fundamental business practice.

Embracing cybersecurity

The prevalence of cyber risks facing wealth managers necessitates a proactive approach to cybersecurity. By implementing robust cybersecurity measures, businesses can not only mitigate risks, but also safeguard their reputation and support sustainable growth.

For more information, visit Lockton’s Cyber page, or contact:

Jack Bassett, Assistant Vice President, Lockton Global Cyber & Technology

E: jack.bassett@lockton.com

Laura Skaanild, Head of Global Financial Institutions, Lockton

E: laura.skaanild@lockton.com