Report spotlights Biometric Privacy Act, iEncrypt and cyber risks facing financial institutions
The first of these new risks surrounds a recent surge in Biometric Information Privacy Act (BIPA) lawsuits, which has created a growing need for organizations to better understand current and emerging privacy laws. BIPA regulates the collection, use, storage, safeguarding, retention, and destruction of biometric identifiers—such as retina or iris scans and fingerprints—and biometric information that companies collect on their employees and customers. Biometric data regulation varies at the state level and has been a focus of U.S. federal and international legislators and regulators, so it is imperative that companies understand the legal requirements of each state and of the countries in which they conduct business.
The second cyber risk comes from the emergence of a newly detected ransomware variant—iEncrypt. It is characterized by mid-six- to seven-figure ransom demands and is spread through existing malware, such as Dridex or Emotet. With this growing threat in mind, malware detection and regular backups of main systems are increasingly important to protect against company data being held hostage. This type of event can cause severe business interruption.
While cyber risks exist for all businesses, the vast number of financial transactions and corresponding monetary opportunities for cyber criminals make financial institutions a prime target for bad actors. In fact, proprietary claims data from the Chubb Cyber Index℠ shows that the median cost of a cyber incident has doubled for financial institutions in the past three years.
“Financial institutions were some of the early adopters of cyber security technology and training due to their central role in the economy and the need to protect their clients’ sensitive data,” said Michael Tanenbaum, Head of Chubb Cyber North America. “However, we are seeing cyber criminals continually evolve in their methods of attacking the industry—meaning that the financial services space is still fertile ground for bad actors looking to exploit any gaps that they can find.”
Compounding this concern is that many of these attacks are preventable. Human error, tied with hacking, tops the list of sources of cyber attacks hitting the industry, accounting for 21% of cyber claims for Chubb’s financial institution clients in 2019. Rounding out the top three sources of cyber attacks is phishing and other forms of social engineering, at 18%.
“In general, financial institutions are at the cutting edge in terms of cyber security software and processes,” added Anthony Dolce, Vice President, Chubb Cyber Claims. “However, every day we see situations where one stray click on a well-targeted phishing email can result in losses of millions of dollars.”