EIOPA: cyber-attack could disrupt entire financial system

The COVID-19 pandemic and related remote working arrangements have expanded the landscape of opportunities for cyber attackers, according to the European Insurance and Occupational Pensions Authority (EIOPA), which highlighted the systemic risk potential of a major attack.

Publishing its latest Financial Stability Report, EIOPA said that COVID-19 has prompted a move to working from home and an increased reliance on digital solutions, including among financial institutions:

“Calculations from the Bank of International Settlements (BIS) show that the financial sector ranks high both in terms of working from home and frequency of cyber events during the pandemic when compared to other sectors. Furthermore, it has the largest share of COVID-19-related cyber events after the health sector, with payment firms, insurers and credit unions being most affected.”

The report added that most insurance supervisors anticipate an increase in the materiality of risks related to digitalisation over the next year. Indeed, it said that the results of the EIOPA Spring 2021 insurance bottom-up survey (BUS) among supervisors show risks related to digitalisation ranking fifth in terms of materiality, after macro, market, credit, and profitability and solvency risks, but still above, for example, underwriting, liquidity and ESG risks.

When considering the expected developments in terms of risk materiality over the next year, risks related to digitalisation are ranked first – results comparable to those of the EIOPA Autumn 2020 BUS.

The new working arrangements in place during the pandemic are also expected to heighten cyber security risk for insurers, according to the report:

“Cyber security risks are considered the main driver of the developments in digitalisation risks (73% of supervisors), followed by cyber underwriting risks (19%) and InsurTech competition (8%). The COVID-19 pandemic and the associated increased reliance on digital solutions and infrastructure to conduct business and telework are perceived as having increased the vulnerability of the sector to cyber-attacks, with insurers in some jurisdictions already reporting an increasing number of malware and other cyber attempts.”

Overall, according to EIOPA, the number of cyber-attacks has been on the rise and the financial sector has become a key target. The International Monetary Fund (IMF) estimates that the number of cyberattacks has tripled over the last decade, with financial services being the most affected industry due to the increased digitalisation of its business models:

“Attackers have now access to cheaper, simple and more powerful hacking tools and the availability of mobile services for many people expands the opportunities for cyber-attacks. A successful attack on a major financial institution, or on a core system or service used by many, could spread to the entire financial system due to interconnectedness, with potential consequences in terms of business continuity, reputation and, under extreme scenarios, liquidity and financial stability.”
