Skip to main content
main content, press tab to continue
Campaign

Cyber spotlights on the financial institutions industry: Identify, assess, protect

Dive into cyber spotlights on notable incidents, latest threats, current trends, and tailored solutions for the financial institutions industry.

Contact Us

This spotlight delivers an overview of the latest cyber risks impacting the sector generally, including recent incidents and emerging threat vectors. We also highlight our insurance solutions that can address the cyber vulnerabilities faced by financial institutions. Use our insights to enhance your organisation’s cyber risk management approach.

What cyber incidents have we seen from the financial institutions industry?

In February 2024, a large international insurer disclosed that it experienced a data breach impacting over 2.5 million individuals. The company reported that attackers gained access to user accounts[EM1]  of employees and contractors, as well as company administrative user data stored on the compromised systems.

The breach was discovered in February, prompting the company to trigger its incident response plan. An investigation was conducted with the assistance of external experts. As a result, the company is offering two years of free credit monitoring services to the affected individuals.

Read more here

An American bank reported a ransomware attack targeting systems of one of their service providers. The attack affected over 55 thousand individuals. Reportedly, the breach involved unauthorised access to personal data, including account numbers and credit card information. The bank notified the customers approximately 90 days after the breach, potentially failing to meet timeframes indicated by the data breach notification laws.

Read more here

In May 2024, the bank identified that some of its systems were not working properly. Following internal investigation, the bank learned that this was due to unauthorised activity caused by an employee clicking on a malicious link. When the bank refused to pay ransom, the criminals leaked the data they got access to. The bank engaged with cybersecurity specialists, initiated its incident response process and stopped the attack. External specialists helped to investigate the cause and extent of the event and restore bank’s services.

Read more here

The credit union reported a serious security incident leading to the unavailability of its services, including online banking, mobile app, direct deposits, transfers and card transactions. It has been reported that the incident impacted over half a million of the credit union members. The credit union reported that the event had been caused by a ransomware attack that ultimately required them to proactively shut down some of its banking systems in order to contain and remediate the issue. As part of their response to the incident, the union established a website informing about their security updates, as well as a dedicated call centre and offered two-year complimentary credit monitoring service to the affected individuals.

Read more here

Cyber insurance claims we have seen from the financial institutions industry

laptop-error

Cyber claims notifications from the financial institution sector remain high

According to WTW cyber claims data, although H1 2024 claims notifications were lower than projected, the financial institutions sector remains second place (of 14) for number of claims notifications to date (behind the healthcare sector), making up 17% of all notifications to WTW. 35% of those notifications are attributed to malicious data breach and 25% to ransomware. Once H2 results are considered this may alter the status quo, as system failure business interruption losses are considered following the CrowdStrike outage.

Source : WTW proprietary claims data

Hazard

Attack Vectors

Leading Cyber insurer, Canopius, observe that nation state attacks against Financial institutions decreased in Q2 2024, which continues the trend since 2023, that the majority of attacks from the sector (circa 50%) originate from financially motivated threats (vs espionage, hactivism and terrorism) (Canopius – Financial Services: Threat Intelligence Report Q2 2024).

To defend these attacks, ‘behavior prevention on endpoints, such as EDR technologies, is the most effective control at mitigating against the types of attacks targeting the sector’, followed by ‘Filter Network Traffic’ (‘using network appliances to filter ingress or egress traffic and perform protocol-based filtering’) in second place (Canopius – Financial Services: Threat Intelligence Report Q2 2024).

Hazard

Regulatory landscape

As of 17 January 2025 the Digital Operational Resilience Act will come into force within the European Union. This will impact a wide variety of Financial Institutions from Credit Institutions to Insurance Organizations (Akamai/Glossary/What-is-dora). The focus of the Act is on ensuring resiliency and robust procedure to build strong cyber defences for the industry. Whilst many sophisticated Financial Institutions in the EU may already have such measures in place (for example vulnerability management programs and incident reporting procedures), Akamai suggest that ‘to prepare your organization for DORA legislation adherence, covered entities should carry out a gap analysis to see if the existing deployed measures meet some or all applicable requirements.’ (Akamai/Glossary/What-is-dora)


Our perspective on cyber market trends for the financial institutions industry

The cyber market has remained favourable for financial institutions this year with strong competition on primary and excess layers. Capacity in the London market remains ample, as insurers have a high level of confidence in the cyber security credentials of the sector. Moreover, financial lines insurers are eager to deepen their relationships across the various classes of insurance (PI, crime, D&O and cyber) on a cross-class basis, further driving competitive results. There has also been a greater flexibility from Insurers regarding retention options available, and capacity lines greater than $5M are now commonplace.

Although buying conditions have been favourable, limit purchasing for Financial Institutions has largely remained stable. Many WTW clients have taken a risk based approach to limit adequacy, utilising analytics tools such as WTW’s Cyber Quantified 2.0 to steer decision making, rather than available budget.

Instead, coverage analysis (including Retention options) has been of primary concern, including the alignment of internal incident response procedure with cyber insurance notification requirements and vendor panel solutions. This is of increasing interest to information security teams who can utilise insurer vendors to complement their own panels. Moreover, some insurers are offering discounts on selected information security tools for insureds to deploy on their infrastructure (e.g. EDR solutions) including advisory services. For example, Beazley have established their own in house cyber security function (Beazley security) and we expect this trend to develop further in 2025.

Captive deployment on Cyber programs remains an area of investigation for Financial Institutions. They can create competitive and generous coverage options. Although, given the competitiveness of the current insurance market they are yet to be deployed regularly for the sector, despite many clients regularly deploying their captives on other lines e.g. PI/Crime.

How WTW can help with identifying, assessing, and protecting your business

SOLUTION

Concerned, confused, or curious?

WTW is here to help you and your organization identify, assess, and protect itself against cyber risks. Our team of cyber specialists, with years of experience in your industry, will provide you with peace of mind, allowing you to focus on your day-to-day role.

Contact us