Chubb Report Spotlights Biometric Privacy Act, iEncrpyt and Cyber Risks Facing Financial Institutions

Chubb's latest Cyber InFocus Report, "Know the Latest Trends in Cyber Risks," outlines the newest cyber exposures that all institutions should have on their radar.

Source: Chubb | Published on August 28, 2019

Digital security concept

The first of these new risks surrounds a recent surge in Biometrics Information Privacy Act (BIPA) lawsuits, which has created a growing need for organizations to better understand current and emerging privacy laws. BIPA regulates the collection, use, storage, safeguarding, retention, and destruction of biometric identifiers—such as retina or iris scans and fingerprints—and biometric information that companies collect on their employees and customers. Biometric data regulation varies at the state level and has been a focus of U.S. federal and international legislators and regulators, so it is imperative that companies understand the legal requirements of each state and of the countries in which they conduct business.

The second cyber risk comes from the emergence of a newly detected ransomware variant—iEncrypt. It is characterized by mid-six to seven figure ransom demands and is spread through existing malware, such as Dridex or Emotet. With this growing threat in mind, malware detection and regular backups of main systems are increasingly important to protect against company data being held hostage. This type of event can cause severe business interruption.

While cyber risks exist for all businesses, the vast amount of financial transactions and corresponding monetary opportunities for cyber criminals make financial institutions a prime target for bad actors. In fact, proprietary claims data from the Chubb Cyber IndexSM shows that the median cost of a cyber incident has doubled for financial institutions in the past three years.

"Financial institutions were some of the early adopters of cyber security technology and training due to their central role in the economy and the need to protect their clients' sensitive data," said Michael Tanenbaum, Head of Chubb Cyber North America. "However, we are seeing cyber criminals continually evolve in their methods of attacking the industry—meaning that the financial services space is still fertile ground for bad actors looking to exploit any gaps that they can find."

Compounding this concern is that many of these attacks are preventable. Human error tops the list of cyber attacks hitting the industry, tied with hacking, accounting for 21% of cyber claims for Chubb's financial institution clients in 2019. Rounding out the top three sources of cyber attacks is phishing and other forms of social engineering at 18%.

"In general, financial institutions are at the cutting edge in terms of cyber security software and processes," added Anthony Dolce, Vice President, Chubb Cyber Claims. "However, every day we see situations where one stray click on a well-targeted phishing email can result in losses of millions of dollars."

About Chubb's Cyber InFocus Report

Chubb's Cyber InFocus report, first launched in early 2018, provides insights into the effects of cyber risks and trends on specific industries or business segments each quarter. Such insight is based on Chubb's use of third-party research, as well as proprietary claims data from more than two decades of insuring organizations against evolving cyber threats.

Visit www.chubb.com/cyber to read this quarter's Chubb Cyber InFocus Report, gain access to additional insight into risk mitigation practices, as well as real-time proprietary cyber claims data through the Chubb Cyber Index. Visit Chubb Cyber InFocus to view a video on this quarter's topic.

For more information on Chubb's cyber products and services, contact your local Chubb agent or broker.

About Chubb Cyber:
Chubb is a leader in insuring cyber risk. Combining industry-leading underwriting and expert third-party incident response services, Chubb offers policies that are tailored to the specific needs and risks of its clients to help ensure they are ready with the tools and expertise necessary should a cyber incident occur. Moving swiftly to connect clients with the proper parties to minimize data loss is only part of what Chubb delivers. Keeping an eye on the ever-evolving cyber security landscape, Chubb looks for ways to do more for its clients by offering cutting-edge products and holistic services to each and every client.