ARTICLE
17 October 2024

Analyzing Fintech Cyber Risks Through Insurance Claims: A Data-driven Perspective

W
WTW

Contributor

At WTW, we provide data-driven, insight-led solutions in the areas of people, risk and capital that make your organization more resilient, motivate your workforce, and maximize performance.

We work shoulder to shoulder with you, bringing diverse points of view and a deep commitment to your success.

By challenging one another, we achieve breakthroughs because only the best ideas survive. The result? Innovative solutions that meet your needs—informed by the global view and the local understanding of our colleagues around the world.

Together, we broaden your horizon and sharpen your focus.

Transform your toughest challenges into actionable opportunities.

And set your path for sustainable success.

The fintech industry continues to revolutionize the financial services landscape by combining innovative technology with financial solutions
United Kingdom Technology

Introduction

The fintech industry continues to revolutionize the financial services landscape by combining innovative technology with financial solutions. As these tech-first firms continue to grow and disrupt traditional FIs, they face a unique set of risks that differ significantly from their traditional counterparts. Understanding these risks is crucial for fintech companies aiming to safeguard their operations and for stakeholders who support them.

Our goal here is to examine the risks fintech firms face by analyzing the insurance claims they are actually reporting to the market. By understanding the frequency and nature of these claims, we can gain valuable insights into their unique risk profiles and how they differ from traditional financial institutions.

WTW claims database

To accurately assess the risks that fintech firms face, we utilize the comprehensive data available via the WTW Claims Database. Analyzing numerous claims submitted to our Financial, Executive, and Professional Risks (FINEX) division globally, our Client Insight and Analysis team anonymizes the data to protect client confidentiality and produces actionable insights.

Our claims information is accessible to clients in two forms: a dynamic online tool that allows them to explore data based on their specific needs, and detailed claims reports that highlight key risk areas. By leveraging these resources, fintech firms can gain valuable insights into their distinct risk profiles and how they differ from traditional financial institutions.

Insights

01 Cyber claims dominate

The WTW Claims Database shows that fintech companies report a significantly higher percentage of cyber-related insurance claims compared to traditional financial institutions.

  • Cyber claims constitute 41% of all insurance claims filed by fintech firms.
  • In contrast, cyber claims account for only 5% in banking, 4% in wealth management, 2% in asset management, and 28% in insurance companies.

1532080a.jpg

Given their tech-centric nature, this result is not surprising. Fintechs are inherently more exposed to cyber risks as their reliance on digital platforms, cloud services, and online customer interactions makes them prime targets for cyber threats. This high percentage of claims underscores the need for robust cybersecurity measures tailored to the specific vulnerabilities of fintech operations.

02 Social engineering and hacking damage

Both fintech companies and traditional FI's identify malicious data breaches as the primary cause of cyber claims, with 30% of fintechs' and 36% of traditional FIs' cyber claims attributed to this threat. These are the sort of classic hacking attacks where wrongdoers exploit holes in a firm's cyber security perimeter to gain access to systems and data. While this is in and of itself not surprising, compared to traditional FIs, fintech firms face a unique mix of secondary and tertiary cyber risks, notably social engineering, and hacking damage, at higher rates than traditional FIs.

  • Social engineering: Accounts for 24% of fintech cyber claims versus 10% for traditional FIs.
  • Hacking damage: Makes up 12% of fintech cyber claims compared to 6% for traditional FIs.

12% of fintech cyber claims are made up of hacking damages.

1532080b.jpeg

Fintech platforms, often dealing with innovative tech-first solutions, may present new vulnerabilities which cybercriminals may try to exploit. Social engineering attacks exploit human psychology, tricking employees or customers into divulging sensitive information or performing actions that compromise security. The higher incidence of hacking damage suggests that fintech platforms are targeted for their technological assets. Compare this to traditional FIs, who are more likely to be targeted for their large troves of customer data.

03 Overlap between cyber risks and crime

Cyber risks in fintech firms often bleed into traditional crime, highlighting the blurred lines between cyber incidents and criminal activities.

  • Platform attacks and social engineering not only compromise data but can also lead to direct financial theft and fraud.

1532080c.jpeg

The digital nature of fintech operations also means that cyberattacks can serve as a vector for direct financial loss – theft of firm or customer funds via unauthorized transactions. This is a critical risk management issue to address, as cybercrime can seriously damage a firm's hard-earned consumer trust. Firms should take great care then to ensure close coordination between their cyber insurance and crime, as the two policies must be considered in tandem when addressing this significant exposure.

The digital nature of fintech operations also means that cyberattacks can serve as a vector for direct financial loss

04 Fintechs face fewer accidental data breach claims

Fintech firms report fewer accidental data breach claims compared to traditional FIs.

  • Accidental data breaches account for 9% of fintech cyber claims versus 19% for traditional FIs.

This discrepancy may be due to fintechs having newer, more secure systems built with modern security standards, or smaller sensitive record counts. Alternatively, it could indicate underreporting, or a lack of awareness that certain seemingly immaterial events are, in fact, reportable insurance claims. From our experience, late reporting of claims unfortunately remains a leading cause of claim denials, and fintech firms should lean heavily on their insurance broker for advice concerning potential incidents as early in the process as possible.

05 Lower incidence of ransomware claims in Fintechs

Fintech companies report fewer ransomware claims than traditional FIs.

  • Ransomware constitutes 5% of reported fintech cyber claims compared to 13% for traditional FIs.

5% of fintech cyber claims are made up of ransomware attacks.

This may suggest that fintechs are better prepared for ransomware attacks, possibly due to more advanced cybersecurity measures or greater agility in responding to threats. However, it could also mean that ransomware attacks are underrepresented in the data because firms neglect to file claims, or that attackers focus more on traditional institutions perceived as more vulnerable when it comes to their generally larger troves of personally identifiable information (PII) or protected health information (PHI).

Conclusion

Examining real world claims trends provides us with yet another data point fintechs can use to understand their unique risk profiles. However, we should be careful not to substitute these results for a comprehensive, firm-specific approach to risk quantification and mitigation, as each fintech firm presents its own unique mix of cyber, professional, crime, and management liability risks.

Nevertheless, the data serves as a reminder of the importance of robust cyber security protocols in the fintech world, and which areas in particular are most frequently the subject of reportable insurance claims. By integrating these insights with a thorough evaluation of your own specific operations and exposures, you can develop a tailored strategy that addresses both shared challenges and the unique risks inherent to your business. This nuanced approach can help ensure that your firm is prepared to navigate the complexities of the fintech landscape.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Technology Law and Digital Law

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More