The fintech industry continues to revolutionize the financial services landscape by combining innovative technology with financial solutions. As these tech-first firms continue to grow and disrupt traditional FIs, they face a unique set of risks that differ significantly from their traditional counterparts. Understanding these risks is crucial for fintech companies aiming to safeguard their operations and for stakeholders who support them.
Our goal here is to examine the risks fintech firms face by analyzing the insurance claims they are actually reporting to the market. By understanding the frequency and nature of these claims, we can gain valuable insights into their unique risk profiles and how they differ from traditional financial institutions.
To accurately assess the risks that fintech firms face, we utilize the comprehensive data available via the WTW Claims Database. Analyzing numerous claims submitted to our Financial, Executive, and Professional Risks (FINEX) division globally, our Client Insight and Analysis team anonymizes the data to protect client confidentiality and produces actionable insights.
Our claims information is accessible to clients in two forms: a dynamic online tool that allows them to explore data based on their specific needs, and detailed claims reports that highlight key risk areas. By leveraging these resources, fintech firms can gain valuable insights into their distinct risk profiles and how they differ from traditional financial institutions.
01
The WTW Claims Database shows that fintech companies report a significantly higher percentage of cyber-related insurance claims compared to traditional financial institutions.
Given their tech-centric nature, this result is not surprising. Fintechs are inherently more exposed to cyber risks as their reliance on digital platforms, cloud services, and online customer interactions makes them prime targets for cyber threats. This high percentage of claims underscores the need for robust cybersecurity measures tailored to the specific vulnerabilities of fintech operations.
02
Both fintech companies and traditional FI’s identify malicious data breaches as the primary cause of cyber claims, with 30% of fintechs' and 36% of traditional FIs' cyber claims attributed to this threat. These are the sort of classic hacking attacks where wrongdoers exploit holes in a firm’s cyber security perimeter to gain access to systems and data. While this is in and of itself not surprising, compared to traditional FIs, fintech firms face a unique mix of secondary and tertiary cyber risks, notably social engineering, and hacking damage, at higher rates than traditional FIs.
Fintech platforms, often dealing with innovative tech-first solutions, may present new vulnerabilities which cybercriminals may try to exploit. Social engineering attacks exploit human psychology, tricking employees or customers into divulging sensitive information or performing actions that compromise security. The higher incidence of hacking damage suggests that fintech platforms are targeted for their technological assets. Compare this to traditional FIs, who are more likely to be targeted for their large troves of customer data.
03
Cyber risks in fintech firms often bleed into traditional crime, highlighting the blurred lines between cyber incidents and criminal activities.
The digital nature of fintech operations also means that cyberattacks can serve as a vector for direct financial loss – theft of firm or customer funds via unauthorized transactions. This is a critical risk management issue to address, as cybercrime can seriously damage a firm’s hard-earned consumer trust. Firms should take great care then to ensure close coordination between their cyber insurance and crime, as the two policies must be considered in tandem when addressing this significant exposure.
04
Fintech firms report fewer accidental data breach claims compared to traditional FIs.
This discrepancy may be due to fintechs having newer, more secure systems built with modern security standards, or smaller sensitive record counts. Alternatively, it could indicate underreporting, or a lack of awareness that certain seemingly immaterial events are, in fact, reportable insurance claims. From our experience, late reporting of claims unfortunately remains a leading cause of claim denials, and fintech firms should lean heavily on their insurance broker for advice concerning potential incidents as early in the process as possible.
05
Fintech companies report fewer ransomware claims than traditional FIs.
This may suggest that fintechs are better prepared for ransomware attacks, possibly due to more advanced cybersecurity measures or greater agility in responding to threats. However, it could also mean that ransomware attacks are underrepresented in the data because firms neglect to file claims, or that attackers focus more on traditional institutions perceived as more vulnerable when it comes to their generally larger troves of personally identifiable information (PII) or protected health information (PHI).
Examining real world claims trends provides us with yet another data point fintechs can use to understand their unique risk profiles. However, we should be careful not to substitute these results for a comprehensive, firm-specific approach to risk quantification and mitigation, as each fintech firm presents its own unique mix of cyber, professional, crime, and management liability risks.
Nevertheless, the data serves as a reminder of the importance of robust cyber security protocols in the fintech world, and which areas in particular are most frequently the subject of reportable insurance claims. By integrating these insights with a thorough evaluation of your own specific operations and exposures, you can develop a tailored strategy that addresses both shared challenges and the unique risks inherent to your business. This nuanced approach can help ensure that your firm is prepared to navigate the complexities of the fintech landscape.
5% of fintech cyber claims are made up of ransomware attacks.