Cyber warnings as financial services companies in the crosshairs

Financial services institutions are viewed as some of the most prominent targets for cyber criminals and as such despite the millions invested in security still need to remain vigilant to new methods of attack.

Allianz Global Corporate & Specialty (AGCS) has published its Global Industry Solutions Financial Services Outlook  which supported earlier research that found cyber incidents, macroeconomic developments, and changes in legislation and regulation are the top risks for Financial Services (FS) companies.

Cyber incidents rank as the top risk overall for companies and criminals’ tactics are evolving. Martin Zschech, Global Industry Solutions Director for Financial Services at AGCS, warned.

“Despite investing in significant levels of cyber security spend each year, respondents view the FS industry as highly exposed,” he said. “The main threat for financial institutions is the attempt to repossess the assets they hold. This can be achieved in multiple ways – for example, through impersonation, cyber-attack or falsified electronic correspondence.” The banking industry alone experienced a 1,300%+ increase in ransomware attacks in 2021, according to reports.

“Attack methods evolve quickly,” Zschech continued. “For example, open-source AI tools can be used to craft highly personalized spear phishing attacks. At the same time, the growing reliance of companies on third-party providers, such as cloud computing services, means they can be vulnerable to cyber-attacks that have a knock-on effect across the financial system.”

AGCS said cyber-attacks often include a human element, where employees, contractors or customers are unwittingly complicit in incidents. Training and technology can help minimize human error. In addition, companies need to operationalize their response to regulation and privacy rights in relevant jurisdictions.

Macroeconomic developments are also impacting financial institutions. Inflation is still likely to be one of the most challenging risks to manage, according to the report.  A particularly damaging consequence of inflation is its long-term impact. Investments may take a while to regain value even after the economy seemingly recovers. And while inflation triggers higher interest rates, which increases net interest income, it also slows down loan demand and brings a higher risk of loan default. The Silicon Valley Bank failure in March 2023 also highlights banks’ general macro-financial challenges from restrictive monetary policy, which essentially removes diversification, according to Allianz Research. Negative returns from bonds and equity put pressure on assets while quantitative tightening has led to a contraction of money supply, resulting in greater competition for deposits (as banks lend less).

Compliance remains one of the biggest challenges for FS companies, with legislation and regulation around digitalisation, climate change and environmental, social, and governance (ESG) issues constantly evolving.

“The compliance burden for financial institutions has increased significantly over the past decade,” Zschech explained. Regulatory enforcement has intensified, with companies more readily held to account. At the same time, increases in sanctions, such as in response to Russia’s invasion of Ukraine, also bring unprecedented challenges.

“The growing focus on ESG topics offers the opportunity for many FS companies to step up and lead when it comes to investing in people and the planet, but regulations and guidance will still be a driver of risk going forward,” said Zschech. “Ultimately, the multiple regulatory and reporting challenges facing financial institutions requires them to improve the effectiveness and efficiency of their compliance activities and put data and technology to clever use.”

The Outlook said in recent years insurers have continued to see large claims relating to compliance and increased regulatory activity, according to AGCS analysis of 7,654 insurance industry claims worth €870 million. Violations can be contributing factors to each of the top causes of loss by severity. Cyber incidents, including crime, have resulted in some of the most expensive claims in the analysed dataset.

“Insurers have seen a growing number of technology-related losses, including claims made against directors following major privacy breaches,” the Outlook added. “Sizable losses have also come from fraudulent payment instructions while insurers have also handled a number of liability claims arising from technical problems with exchanges and electronic processing systems where systems have gone down, and companies have not been able to execute trades.”