Skip to main content
main content, press tab to continue
Article

Analyzing fintech cyber risks through insurance claims: A data-driven perspective

By Anthony Rapa | October 16, 2024

What can claims data tell us about the differences between fintech and traditional financial institutions (FI) risks?
|Financial, Executive and Professional Risks (FINEX)
The Future of Financial Services

Introduction

The fintech industry continues to revolutionize the financial services landscape by combining innovative technology with financial solutions. As these tech-first firms continue to grow and disrupt traditional FIs, they face a unique set of risks that differ significantly from their traditional counterparts. Understanding these risks is crucial for fintech companies aiming to safeguard their operations and for stakeholders who support them.

Our goal here is to examine the risks fintech firms face by analyzing the insurance claims they are actually reporting to the market. By understanding the frequency and nature of these claims, we can gain valuable insights into their unique risk profiles and how they differ from traditional financial institutions.

WTW claims database

To accurately assess the risks that fintech firms face, we utilize the comprehensive data available via the WTW Claims Database. Analyzing numerous claims submitted to our Financial, Executive, and Professional Risks (FINEX) division globally, our Client Insight and Analysis team anonymizes the data to protect client confidentiality and produces actionable insights.

Our claims information is accessible to clients in two forms: a dynamic online tool that allows them to explore data based on their specific needs, and detailed claims reports that highlight key risk areas. By leveraging these resources, fintech firms can gain valuable insights into their distinct risk profiles and how they differ from traditional financial institutions.

Insights

  1. 01

    Cyber claims dominate

    The WTW Claims Database shows that fintech companies report a significantly higher percentage of cyber-related insurance claims compared to traditional financial institutions.

    • Cyber claims constitute 41% of all insurance claims filed by fintech firms.
    • In contrast, cyber claims account for only 5% in banking, 4% in wealth management, 2% in asset management, and 28% in insurance companies.


  1. Given their tech-centric nature, this result is not surprising. Fintechs are inherently more exposed to cyber risks as their reliance on digital platforms, cloud services, and online customer interactions makes them prime targets for cyber threats. This high percentage of claims underscores the need for robust cybersecurity measures tailored to the specific vulnerabilities of fintech operations.

  2. 02

    Social engineering and hacking damage

    Both fintech companies and traditional FI’s identify malicious data breaches as the primary cause of cyber claims, with 30% of fintechs' and 36% of traditional FIs' cyber claims attributed to this threat. These are the sort of classic hacking attacks where wrongdoers exploit holes in a firm’s cyber security perimeter to gain access to systems and data. While this is in and of itself not surprising, compared to traditional FIs, fintech firms face a unique mix of secondary and tertiary cyber risks, notably social engineering, and hacking damage, at higher rates than traditional FIs.

    • Social engineering: Accounts for 24% of fintech cyber claims versus 10% for traditional FIs.
    • Hacking damage: Makes up 12% of fintech cyber claims compared to 6% for traditional FIs.


  1. Fintech platforms, often dealing with innovative tech-first solutions, may present new vulnerabilities which cybercriminals may try to exploit. Social engineering attacks exploit human psychology, tricking employees or customers into divulging sensitive information or performing actions that compromise security. The higher incidence of hacking damage suggests that fintech platforms are targeted for their technological assets. Compare this to traditional FIs, who are more likely to be targeted for their large troves of customer data.

  2. 03

    Overlap between cyber risks and crime

    Cyber risks in fintech firms often bleed into traditional crime, highlighting the blurred lines between cyber incidents and criminal activities.

    • Platform attacks and social engineering not only compromise data but can also lead to direct financial theft and fraud.


  1. The digital nature of fintech operations also means that cyberattacks can serve as a vector for direct financial loss – theft of firm or customer funds via unauthorized transactions. This is a critical risk management issue to address, as cybercrime can seriously damage a firm’s hard-earned consumer trust. Firms should take great care then to ensure close coordination between their cyber insurance and crime, as the two policies must be considered in tandem when addressing this significant exposure.

  2. 04

    Fintechs face fewer accidental data breach claims

    Fintech firms report fewer accidental data breach claims compared to traditional FIs.

    • Accidental data breaches account for 9% of fintech cyber claims versus 19% for traditional FIs.

    This discrepancy may be due to fintechs having newer, more secure systems built with modern security standards, or smaller sensitive record counts. Alternatively, it could indicate underreporting, or a lack of awareness that certain seemingly immaterial events are, in fact, reportable insurance claims. From our experience, late reporting of claims unfortunately remains a leading cause of claim denials, and fintech firms should lean heavily on their insurance broker for advice concerning potential incidents as early in the process as possible.

  3. 05

    Lower incidence of ransomware claims in Fintechs

    Fintech companies report fewer ransomware claims than traditional FIs.

    • Ransomware constitutes 5% of reported fintech cyber claims compared to 13% for traditional FIs.

    This may suggest that fintechs are better prepared for ransomware attacks, possibly due to more advanced cybersecurity measures or greater agility in responding to threats. However, it could also mean that ransomware attacks are underrepresented in the data because firms neglect to file claims, or that attackers focus more on traditional institutions perceived as more vulnerable when it comes to their generally larger troves of personally identifiable information (PII) or protected health information (PHI).

Conclusion

Examining real world claims trends provides us with yet another data point fintechs can use to understand their unique risk profiles. However, we should be careful not to substitute these results for a comprehensive, firm-specific approach to risk quantification and mitigation, as each fintech firm presents its own unique mix of cyber, professional, crime, and management liability risks.

Nevertheless, the data serves as a reminder of the importance of robust cyber security protocols in the fintech world, and which areas in particular are most frequently the subject of reportable insurance claims. By integrating these insights with a thorough evaluation of your own specific operations and exposures, you can develop a tailored strategy that addresses both shared challenges and the unique risks inherent to your business. This nuanced approach can help ensure that your firm is prepared to navigate the complexities of the fintech landscape.

Author


Fintech Subvertical Leader, Financial Institutions & Professional Services – North America

Contacts


Medina El-Farra
Team Leader – FINEX Financial Institutions, Canada

Global Head of FINEX Financial Institutions
email Email

SOLUTION

Fintech and Digital Assets Taskforce

WTW has brought together their global Fintech and digital assets specialists in an integrated taskforce across all lines of insurance

Contact us