How can financial advisers protect their
website and client data from cyber-attack?Websites and data can be protected by having strong, robust and updated systems guarded by the latest protection software and technology. However, it is equally important to be protected for the aftermath of a cyber-attack, which can cause not just monetary & data theft but also disruption of business operations & services, a serious dent in reputation & image, litigation by affected customers, negligence charges by regulators and large-scale business losses.
Traditional insurance products like Professional Indemnity and Commercial General Loss policies are not adequate to cover the costs of the aftermath of a cyber-crime as described above.
However, since the past year highly dedicated cyber-crime insurance policies are available in India that offer not just financial protection but also the services of experts such as lawyers, forensic experts, public relations advisers, credit monitoring firms, etc. Moreover, the insured will have the services of both the broker as well as the insurer to effectively manage the breach situation. These policies can be customized to the exact requirements of financial service firms.
Why are financial intermediaries prone to cyber-attack?
Financial intermediaries and institutions are prone to cyber-attack because they are repositories of huge quantities of financial information, are involved in transactions worth crores of rupees every day, tend to have millions of retail customers who are relatively easy to hoodwink, and (at least in India) thought to have systems that are relatively more vulnerable to cyber-attacks.
According to Arbor Networks, 34% of Indian financial services firms reported cyber-attacks and threats in 2014 compared to 15% in 2013. Thus, both threat perception as well as actual cyber-attacks are growing in Indias financial sector. But apart from a handful of large banks, the sector is inadequately insured for cyber-crime.
Is the cost involved to protect data from such instances very high?
Not as high as the potential losses from a large-scale cyber-attack in terms of disruption of services and the costs & damages of managing the aftermath, which have the potential to be quite huge.
How has been your experience in protecting client data? What measures have you taken to protect client data from cyber-attack?
Corporate India is aware of the dangers and risks from cyber-crime but slow to protect itself with the right kind of insurance product. According to Prudent Insurance Brokers estimates, so far not even 100 customized cyber- crime protection insurance policies have been purchased in India. These policies protect a company not just from the financial losses arising out of a cyber-attack but also for third party costs such as forensic investigations, legal costs, public relations expenses and the like.
Who are the people you think could commit such cyber-attacks? What could be their intention?
According to the National Crime Records Bureau (NCRB) cyber-crime increased by 350% in the three years between 2010 and 2013. Cyber criminals could be anyone from disgruntled employees to hackers who hire out their services to the highest bidder. Most cyber-crime is about monetary greed and as per NCRB the bulk of arrests up to the year 2013 took place in the 18-30 age group, followed by the 30-45 age group.
Tanuj can be reached at tanuj.gulani@prudentbrokers.com