The Growing Cyber Risks in Fintech and How to Mitigate Them | Woodruff Sawyer
Understanding the regulations that govern your business will also be key, and will set the stage for the systems you put in place to ensure compliance.
Working with outside counsel to identify the specific risks that you face when building out your product will help with understanding the scope of regulations to adhere too. Not only will it govern the data privacy protections you must have in place but will also determine what forms of licensing you have to apply for, like payment andelectronic money institutions who need to register under PSD2 in the EU.
This aspect of a cyber policy covers network security failures as a result of network intrusions, data breaches, cyber extortions, including ransomware, or business email compromise.
Policies can cover the negotiation and payment of a ransomware demand, data restoration, legal expenses, IT forensics, breach notification to consumers, public relations, call center setup, credit monitoring, and identity restoration.
It can also protect organizations from liabilities from a cyber incident or regulatory violation.
Examples include liabilities from a contractual obligation, expenses from regulatory investigations and penalties from governments and/or law enforcement, and class action litigation and settlements.
Network Business Interruption
A cyber policy can help you recover lost profits and other costs if there are network outages caused by security failures (such as malware) or system failures (like administrative errors or botched upgrades).
Some organizations may face challenges in demonstrating lost revenue directly, as this might result in errors and omissions coverage.
Errors and Omission
The E&O coverage protects policyholders from claims arising from errors in performance or failure to perform services.
Given the scope of fintech offerings, this could cross the gambit of an improperly implemented technology platform, an error or mistake in the evaluation of who qualifies for a loan or might even be caused by consumers not being able to access their funds caused by a network business interruption event. All of these have potential to manifest as a third-party liability claim from customers or consumers.
This is something I’ll further explore in a detailed article next time (stay informed of future articles by subscribing to the Cyber Notebook right here on this page).
Securing the Coverage You Need
Because of the diverse nature of fintech, not all companies are going to have the same exposures. A well-crafted cyber policy can address the specific risks of your organization’s fintech liabilities.
Insurers are increasingly leveraging data analytics and artificial intelligence to assess cyber risks more accurately, tailor coverage solutions to specific industry sectors, and enhance the claims handling processes.
That said, cyber policy underwriting guidelines are becoming stricter in the face of evolving cyberattacks. Insurers are looking for certain cybersecurity controls to be in place before they offer coverage.
Working with a broker that specializes in cyber insurance can help you identify the risks you face, help you understand what’s required to get the coverage you need, and set the appropriate limits.
For more on what you need to know about the 2024 cyber insurance market, read Woodruff Sawyer’s Cyber Looking Ahead Guide, 2024 edition.
