Financial Services and Insurance are Second in Most Cyber Attacks: 2 actions you can take today


Did you know the financial services and insurance sector was the target of nearly 19% of all cyber attacks last year, making them second only to manufacturing (24.8%) businesses in frequency?

While the industry does retain a significant amount of personal information desirable to bad actors, the more likely reason for the target on our back is the lag of preparedness still pervasive across financial institutions and insurance organizations.

From establishing systems and processes to due diligence and risk management, too many of our organizations tout these protective measures for their clients and customers, but lack the internal infrastructure and staff required to safeguard our own backyard.

As October and Cybersecurity Awareness Month come to a close, two key risk management best practices stand out for me as more actionable than most others. If you’re not doing these two, add them to your cyber security toolkit and train on them.


1. Reduce the gap created by human error. When it comes to cyber risk, we want to name the offender behind the keyboard, but these offenders have never been the real risk. Human judgment, human discretion and human decision-making are more often the real risk.

As many as 82% of the 23,000 incidents and 5,200 breaches analyzed in Verizon’s 2022 Data Breach Investigations Report involved human error, from social engineering to misuse and simple human mistakes.

This data proves we do not need to be experts in tech speak, cryptocurrency or remote access trojans (RATs). It is ultimately up to the end user, the person working next to you in the cubicle, to refrain from clicking on the foreign attachment or resist accessing sensitive data through a public Wi-Fi connection. How we use technology is what makes us most vulnerable.

Training teammates can bridge the human error gap with the following:

1. Educate teammates on the most common cyber threats today, including malware, denial of service attacks, phishing, spoofing, broken access control and more.

2. Require teammates to update passwords on a regular interval.

3. Require a phone call to the recipient of wire and money transfers over a certain amount before the transfer.

4. Teach and then test teammates on recognizing fraudulent emails.

2. Tabletop exercises prove your plan successful. Having a cyber response plan in place is one thing. Running the plays to ensure that every detail is accounted for is often another.

A few lessons learned that could make a tabletop exercise successful:

  • All teammates involved in the cyber response plan should be engaged in the tabletop exercise.
  • Teammates can be informed of the tabletop exercise — or not. There are benefits to revealing the exercise and keeping the drill a secret.
  • A breach scenario should be chosen that is realistic to the business.
  • Look for these types of operational issues to surface during the tabletop exercise:

    - When does the CEO need to be alerted of a breach? The board of directors?
    - When does legal need to know and get involved? When should your cyber insurer be notified?

  • Capture issues and lessons learned during the event and turn them into a report for future planning.

  • Conducting a tabletop exercise annually is a best practice. Some companies have escalated this practice to quarterly.

Test, test and then retest. Make sure your business’s cybersecurity plan is bulletproof.


Don’t go it alone

Businesses that have not yet experienced a cyber breach cannot rest on their laurels anymore. In the ongoing work-from-home and hybrid environment, financial services and insurance businesses, regardless of their size, cannot manage the current cyber threat environment without leaning on dedicated resources like a cyber insurance policy, right-sized for your business’ unique risks, coupled with strong risk management best practices.
