Incidents related to cybersecurity have had a significant rise in all countries of the world in recent years; affecting various industries, and banking is no exception.
According to the most recent FBI report for the year 2021, the health, financial and technology sectors were the most affected by Ransomware-type attacks and a significant increase is expected for the year 2022. Losses reported to the FBI in Ransomware attacks exceeds USD $49 Million by 2021, this does not include estimates of lost business, time, wages, files, equipment or payments to third parties for repair/restoration.
The mechanics that cybercriminals use to stalk their victims have also been diversifying; and just as there are unplanned attacks with recurring modalities, there are also sophisticated attacks that sometimes manage to circumvent the security protocols of organizations, endangering the operation and continuity of the business.
The banking sector is one of the industries most prone to cyberattacks, since they host confidential and financial data of their clients; situation that forces them to constantly update their cyber defense systems, as well as promoting “good practices” among their collaborators and clients to avoid falling into fraud.
What happens if a bank is the victim of fraud or a cyber attack?
Each bank implements different risk prevention and mitigation systems, since cyberattacks can lead to the loss of bank operations, the capture of income or the loss of data, among other consequences that will negatively affect the organization.
“Cybercriminals are on the prowl and trying different ways to circumvent security, in the best of scenarios the attacks will be unsuccessful, but a scenario should always be considered where it is assumed that the attack was effective. Then the design of the attack should be considered. a plan to restore systems and mitigate future attacks,” said Christian Nanne, director of professional services at SISAP.
The expert shares that different organizations, such as banks, in addition to avoiding and mitigating risk, also use insurance policies to transfer the risk of economic loss to a third party, caused by a cyber attack or other causes. For many years, the calculation of these policies has been a subject of debate among the boards of directors of the banks, since there was no quantitative model that would objectively establish the premium for these policies.
Currently, technological advances offer the possibility of calculating these insurance premiums in a more exact way, based on complex algorithms that allow considering a large number of variants. Nanne shares that to make this calculation, the risks to which the organization is exposed are analyzed, using this data to close cybersecurity gaps, which allows optimizing insurance policies, thus facilitating decision-making by the boards of directors.
“Dimensioning the economic impact that a cyber attack can have should not only involve the financial area, nor the IT area, it is a joint task that goes further. Tools such as X-Analytics greatly facilitate this calculation, provide certainty and peace of mind , but it also allows us to identify cybersecurity gaps that can be closed by better understanding the risks and damages to which we are exposed,” added Nanne, director of professional services at SISAP.
The expert was visiting Panama during the month of March to give the conference “From cyber insurance policies to future cyber security investments” during the II Congress of Cyber Security and Fraud of Panama, in his talk he expanded information related to the use of tools such as X -Analytics, to facilitate the calculation of the economic impacts that cyber attacks can represent in different industries, including banking.
