A third of UK businesses have suffered a cyber-attack in the past year – with utilities companies at a high degree of risk, according to an industry report compiled by academics in Birmingham.
The study by researchers at the University of Birmingham found one in four of all gas and electricity companies have suffered an increase cyber-attacks in the past 12 months.
International criminal gangs are thought to be behind the attacks, businesses have said.
Besides the energy/utility sector, the Birmingham survey found insurance and marketing companies were also exposed.
A total of 34% of those businesses reported they had been the victim of a cyber-attack.
The report found the hackers are attempting to steal customers’ personal data.
The report, ‘The Cloud Snapshot Survey’ interviewed more than 1,000 bosses and technology experts from companies in the insurance, marketing, technology, energy sectors and scientific research sector.
The report was undertaken by University of Birmingham Business School academics, in collaboration with Serviceteam, an IT consultancy, based in Edgbaston.
Chief executive of Serviceteam, Sebastian Jesson-Ward, who commissioned the report, said state-sponsored criminals from Russia were likely to be behind the increase in attacks.
Mr Jesson-Ward said: “Within the energy sector the findings were dramatic. We discovered evidence of overseas cyber criminals attempting to gain access into the gas and electricity utilities to steal customer data.
“These companies are investing heavily into protecting their customers’ data. Yet with every improvement the cyber criminals up their game. It’s a constant war and having the best defences is the best way for companies to protect themselves.”
He said there was little doubt that cyber criminals were attempting to gain personal data from customers and also to gain access to a company’s intellectual property.
“We work closely with the utilities industry and they are reporting an almost daily occurrence of attacks,” added Mr Jesson-Ward.
In 2011, a Cabinet Office report found that cyber-attacks were costing the UK economy £27bn a year.
The FCA has struck a new agreement with the Hong Kong Insurance Authority (IA) to support fintech innovation, to help bolster development of the industry in both territories.
The City regulator and the IA have agreed to work together by sharing information, including referrals of innovative firms seeking to enter the counterpart’s market.
“By working together, regulators help support global innovation in fintech” said Christopher Woolard, executive director of strategy and competition at the FCA.
“We look forward to working closely with the IA to promote innovation and enhance synergy for both markets, which will in turn benefit our consumers and financial industry as a whole.”
“The agreement would foster fintech development in the international arena by assisting fintech firms to explore new areas of growth and business opportunities outside the home jurisdiction,” added John Leung, chief executive of the IA.
“The IA will consider signing similar cooperation agreements with insurance regulators in other jurisdictions.”
The FCA has also struck similar agreements with the Hong Kong Monetary Authority and the Securities and Futures Commission, which it says will provide a “full spectrum of co-operation and assistance in fintech innovation in the banking, securities and insurance sectors” in both the UK and Hong Kong markets.
3G vehicle cameras are increasingly being used to challenge fraudulent insurance claims, false driving allegations and disputed liability, providing added protection to commercial fleet operations and their drivers.
Intelligent Telematics has released a number of recent videos to demonstrate how footage from its industry-leading connected camera solutions is helping companies to guard against avoidable insurance costs by proving exactly what happened.
“Our cameras are capturing thousands of driving incidents every week, many of which are being used by our customers to determine liability within moments of them happening,” explains Sam Footer, Director of Intelligent Telematics. “Commercial vehicles can often be penalised unfairly when liability is disputed following a collision, or are simply victims of false allegations, so 3G cameras are the only way of having immediate access to video evidence and supporting data.”
One of the clip shows a SUV dangerously pulling out from a side road when obscured by a bus, which forced a van from the road into a grass verge, narrowly missing a tree. Had the van not taken evasive action and struck the SUV from behind it would have probably been liable for the collision without the aid of event footage. In a separate incident, a car drives head on into a van when driving on the wrong side of the road overtaking parked vehicles, while another shows a van being shunted from behind into the vehicle in front.“These videos highlight some of the collisions that are taking place every day on the road network, which is costing commercial fleet operators without 3G vehicle cameras many thousands of pounds in added insurance costs. Of course, there are those occasions when the van driver is at fault, so the devices also enable companies to streamline the claims process as well as support road safety training initiatives,” concludes Footer.
Intelligent Telematics’ IT1000 and IT2000 3G devices are the leading single and dual camera solutions for vehicle operations. They use the most sophisticated 3G and 4G technology so that HD footage of any collision, near miss or harsh driving incident is captured and automatically transmitted within moments of it happening. Unlike other systems in the marketplace, the videos and supporting data are uploaded to a secure server network with no user intervention required, making them the only truly effective 3G vehicle cameras for First Notification of Loss (FNOL).
B3i, the Blockchain Insurance Industry Initiative, has announced the launch of market beta-testing of its reinsurance blockchain prototype.
The group of 15 global insurers and reinsurers participating in the B3i initiative has been working on a joint distributed ledger for reinsurance transactions driven by blockchain technology. The group for the first time publically showcased a fully functional beta-version of its integrated blockchain solution for the re/insurance industry at a conference in. Details of its vision, an industry business case and planned next steps were also shared.
The platform uses distributed ledger technology to enable secure, confidential and efficient transactions in a blockchain network. The short term focus of the platform is on handling reinsurance contracts.
The B3i team has also developed an industry business case for the platform across the whole value chain. The consensus amongst the companies is that a productivity gain of up to 30 per cent is achievable.
Paul Meeusen of B3i said: “I am really excited about our launch. Over the past four months, a dedicated, combined team drawn from B3i member firms has produced a working prototype covering the core functionalities required to enable a distributed smart contract management system for Property Cat XoL contracts.
“The deployment architecture is already close to a production-ready environment and the team is preparing for feature enhancements of the prototype and a first deployment into production in 2018.”
A market beta-testing programme for the prototype will start next month, with insurance industry participants invited to join the testing phase.
The firm behind online SME broker ConstructaQuote.com has launched a new brokerage, specialising in professional indemnity (PI) and cyber coverage for small businesses.
Black & White, a trading arm of Moorhouse Group, is an online broker catering to businesses with up to 15 employees – a segment that the firm’s CEO says can be particularly vulnerable to a cyber-attack or an indemnity claim.
“It’s an important bracket, because this is the bracket of business that when something hits like a cyber-attack, it can kill the business. These are businesses that cannot afford to have their systems taken down for a week, never mind a month or two months,” Lyndon R. Wood, chief executive and founder of Moorhouse Group, told Insurance Business.
The new brand was officially launched last month following a soft launch in February, and works out of Moorhouse Group’s established base in Caerphilly, Wales. While the business is already “well versed in online channels,” through sister brand Constructaquote.com, which specialises in cover for contractors and tradespeople, there is a continued focus on service, says Wood.
“It’s about providing value to customers,” he said. “We’re definitely a business with customer centricity, and definitely a business that likes to support and help all of our SMEs, it’s not just about selling them insurance. We provide other materials and other advantages for them – information and knowledge.”
The “growing” PI market is a “very profitable segment for insurers,” Wood explained, but the nature of online business means that it remains competitive. “Anything online is price-driven and price-sensitive, but we’re a service-led organisation,” he commented. “Selling the service standards when someone just wants a better price can be challenging sometimes, however we manage to do it and do it well.”
With cyber-attacks continuing to dominate headlines, businesses are finally waking up to the reality that they need to protect themselves, which is driving growth for cyber coverage. “We are definitely seeing demand on the cyber side, and it’s a great door-opener from a sales point of view because it’s on everybody’s mind, it’s in the papers every day,” Wood said.
“Companies need to be aware of cyber and certainly what a cyber product covers,” he continued, but there is still a long way to go in terms of raising awareness and educating smaller businesses.
“There’s always an education element with anything new… We have started producing more and more materials to get that message across. There’s a definite education process, because people think hackers will only go for Sony, or the NHS… but cyber comes in various forms.”
Tree surgeons, roof tilers, and scaffolders ranked as the most likely tradespeople to experience an accident at work, based on analysis of customer injury and accident claims from 2012-2016.
“In terms of the trades that were highlighted there weren’t necessarily any surprises,” George Scarfe, trades insurance product manager at Simply Business, told Insurance Business. “If you look at tree surgeons for example… that’s always going to be more risky.”
However, there were some unusual results: hairdressers and beauticians were found to be seven times more likely to have an accident at work than carpenters, and fitness instructors are three times more likely to experience an event than bricklayers. “It’s not all about the construction trades, which often perhaps get a bit of a bad press. There are other trades out there that do similarly have a high claims frequency,” Scarfe commented.
When it comes to those risky trades, Scarfe said that the commercial sector could benefit from the types of technologies that have been introduced in home and auto. “I’m interested to know if there are ways we can use technology to manage the risk for these trades, and also to understand the nuances between different businesses,” he said.
For example, those working at a height could benefit from a phone-based app or some form of wearable tech that tracks the heights at which accidents are more likely to occur.
“In the same way that with cars we’re able to use telematics, and increasingly in the home we’re able to create smart, connected homes… There could be an opportunity to identify behavioural traits which could make claims more or less likely using technology,” Scarfe added.
LONDON (Reuters) – Banks are increasingly turning to insurance to protect their capital from “operational risks” like cyber attacks and rogue traders, and insurers say they can help safeguard lenders by providing an extra layer of expertise.
After a spate of expensive court cases and IT outages, banks including Credit Suisse, Deutsche Bank and Lloyds are looking for ways to mitigate the costs of such episodes by taking out insurance.
Most such insurance contracts are arranged privately and the details never publicised. But the practice gained new attention last year, when Credit Suisse sold a 220 million Swiss franc bond tied to its operational risk.
Buyers were given generous coupons of more than 4 percent, but could lose their investment if the bank is hit with charges from employee malfeasance, cyber attack or other issues.
The bond was linked to coverage provided by Zurich Insurance, which said it was seeing growing interest in operational risk policies, due to the rising frequency and severity of such risks.
Banks were “interested in de-risking their balance sheets by transferring a portion of their operational losses and so mitigating the impact on equity capital,” a Zurich spokesman said by email.
As with all insurance, there can be a risk of “moral hazard”, with banks that offload some of their risk becoming laxer about their own controls, said Domenico del Re, director at consultants PwC. Smaller financial firms in particular might prefer to buy insurance than spend much greater sums on risk management, he added.
But he said insurers can also help cut those risks by scrutinising firm’s controls closely.
“Insurers are getting more and more sophisticated as risk management partners,” he said. “If you think of the parallel with fire risk, by helping companies getting advice on where sprinklers should located, the same is happening with cyber: where insurers are linking up with IT and cyber specialists.”
Insurers are employing risk specialists with experience at major banks to help assess the practices of the financial institutions they cover, said Angelos Deftereos, senior underwriter for operational risk at XL Catlin.
He cited his own background as an example: ”Before joining XL Catlin, I was responsible for implementing the operational risk framework at the asset management division of Morgan Stanley. So I have an insight into these risks as well as how they are managed/controlled.”
“BACK TO FUNDAMENTALS”
The Basel Committee on Banking Supervision defines operational risk as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”.
It can include cyber attacks, general IT outages, rogue traders and financial fraud, and is one of the risk areas against which banks need to set aside regulatory capital, along with market and credit risk.
Regulators permit the largest banks to use insurance to reduce the their capital buffers for operational risk by up to 20 percent, although this might change: the Basel Committee that sets global rules has yet to release the results of a consultation on the issue last year.
Banks first started to look at operational risk insurance before the financial crisis struck a decade ago. Their interest has renewed in the past year, insurers say.
“The crisis is over, banks are getting back to fundamentals and now it’s back in focus,” said Mark Fellows, financial institutions manager at U.S. insurer AIG.
FILE PHOTO: A man types on a computer keyboard in this illustration picture taken February 28, 2013.Kacper Pempel/File Photo
Major cyber attacks “WannaCry” and “NotPetya” earlier this year have driven more interest. There has been rising demand for operational risk insurance from banks in Britain, continental Europe, Australia and other parts of the developed world, brokers and insurers say.
Banks can buy insurance against different aspects of operational risk, such as property, cyber or professional indemnity, but an umbrella policy fits more closely with their needs, they add.
Paul Search, financial institutions practice leader at Willis Towers Watson, said the insurance “can cover the whole spectrum of operational losses incurred by a bank,” in contrast to traditional insurance, “which remains siloed, risk type by risk type”.
Siobhan O’Brien, managing director, financial and professional practice at broker Marsh UK, said banks could typically buy operational risk insurance to cover three different aspects of operational risk for a total cover of up to $1 billion, from a range of insurers.
Deutsche and Lloyds are among major banks that have said in company statements that they use operational risk insurance. Both declined to comment.
Policies still usually require that the bank itself bears a big chunk of any losses, to ensure they do not loosen their controls.
“That’s the tool the insurance industry uses to protect itself from the moral hazard,” said Daniel Butler, managing director, operational risk solutions at broker Aon Benfield.
There are additional risks for the insurers themselves. For example, offering insurance to banks classed by regulators as having global systemic importance – such as Barclays, Credit Suisse or JP Morgan – could potentially leave insurers themselves facing a similar burden.
“If you provide operational risk insurance to an institution of systemic importance, you become systemically important yourself,” said one senior insurer in the Lloyd’s of London market, whose firm did not provide operational risk insurance. Because of this, only the largest insurers tended to offer such insurance, he added.
A second Lloyd’s market source said many insurers were reluctant to offer cover against operational risk because of the huge bills firms can run up as a result of rogue trading.
Societe Generale rogue trader Jerome Kerviel triggered 4.9 billion euros in losses in 2008.
Kweku Adoboli caused 1.4 billion pounds ($1.80 billion) in losses at his employer UBS in 2011.
Those who have offered operational risk insurance have found the insurance profitable, however, as there have been few claims, insurance specialists say.
Providers of operational risk insurance include U.S. firms AIG and XL Catlin and Switzerland’s Zurich Insurance.
Operational risk insurance can also be of use to other financial firms, such as asset managers, to cover risks such as dealer error or being accused by investors of violating their mandates, said XL Catlin’s Deftereos.
Policies can take months or even years to develop because they are custom tailored to meet the institution’s needs and may also need to be signed off by regulators, brokers say.
“There is no single price for operational risk insurance as there are too many variables to consider and each financial institution is different,” Deftereos said.
LONDON (Reuters) – Insurers in Britain face crunchtime within weeks if the government and the European Union do not allow millions of cross-border policies to continue to run undisturbed beyond Brexit.
While Britain is not due to leave the bloc until March 2019, insurers say they need to know by November whether they must move contracts with EU customers out of Britain, due to the lengthy legal process involved.
Britain and the EU are currently negotiating divorce terms.
“The preferred option would be something in the negotiations that gives the regulators the appropriate political approval to start working on a mechanism to allow these existing contracts to continue operating as they are,” Hugh Savill, director of regulation at the Association of British Insurers, told Reuters in an interview.
Leaving contracts to operate unchanged after Britain has left the EU is known as “grandfathering”.
Without this, an insurer would have to move contracts for EU customers to a new EU subsidiary after 2019 for them to remain in the same legal jurisdiction as the customer, or sell that portion of their business. Both options involve a court process, which takes time to implement with Brexit only 19 months away.
“You have to go to court to get approval for transfer, and you also need the approval of the regulator at both ends. That means the transfer has to start by November 2017 otherwise you run out of time,” Savill said, adding that the process could affect millions of contracts.
“If the government has not negotiated something that looks reasonably trustworthy in the next couple of months, companies will have to start putting this alternative contingency planning into action.”
The issue is particularly acute for long-term insurance contracts such as pensions, or contracts where policyholders can make claims for years after the policy expires, such as professional indemnity cover.
The specialist Lloyd’s of London market has also called for grandfathering of contracts, saying it would be impossible to transfer all the contracts in time.
Insurers in Britain are regulated by the Bank of England’s Prudential Regulation Authority. A PRA spokesman referred to a letter from PRA chief executive Sam Woods to parliament this month in which he said there is a possibility of a significant increase in the volume of transfers.
“We are engaging further with firms and trade bodies to examine the possible mitigants to these risks and determine which are likely to be most effective,” Woods told parliament.
But Paul Merrey, a partner at accounting firm KPMG, said some insurers have already begun court transfers, with others expected to start later this year.
“It’s an issue both ways, for UK and EU insurers, but it’s fair to say that the process might be easier for EU insurers transferring portfolios to the UK than for UK insurers transferring to the EU,” Merrey said, adding that the process can vary between countries.
The BoE has said that about 7 percent of general insurance contracts undertaken in Britain and 3 percent of life insurance contracts are written by insurers elsewhere in Europe.
Early movers want to avoid potential court bottlenecks.
“There is not enough court time, there are not enough independent experts – the scale of the challenge and demands on the regulators’ time are significant,” Merrey said.
MA Assist’s Jorge Gonzalo discusses how sharing information between brokers and insurers can help customers.
In March 2017, a storm damaged the property of a mutual insurance customer, Margaret. The insurer referred the case to MA Assist and informed us that roof tiles had been blown off the front of the house, the chimney stack looked unstable and the fence had blown down.
At this stage, little was known or shared about the customer. We tried to get in touch with Margaret several times but could not reach her.
Meanwhile, Margaret was targeted by rogue builders who made faulty repairs to her property. We were unaware of the situation until the insurer contacted us to say the wrong roof tiles had been used.
We carried out some investigations and realised that Margaret had been the victim of rogue traders. Despite the confusing situation, the insurer agreed to pay for rectifying the faulty works as well as the original storm damage works.
However, we still hadn’t been able to talk directly to Margaret. Eventually, Danny, from our contact centre team got through to her and immediately realised she was a vulnerable older person, who was also very scared.
Margaret told Danny the rogue builders had turned up and carried out the work and that she was worried they may come back for money.
She had previously been a victim to rogue traders who took £800 from her and she was too scared to call the police.
To avoid further distress for Margaret, Danny immediately informed the insurer of her situation and discussed how they could rectify it. Danny contacted the local broker and contractor to make them aware too.
He arranged a call between Margaret and TrustMark registered contractor Frank Rogers so she knew exactly what to expect with the work.
Later again, Danny struggled to contact Margaret and reached out to the local broker and insurer to help get in touch.
Finally, Danny got through and was able to update Margaret on the plan of works. As Margaret was concerned about security issues whilst the scaffolding was in place, the works schedule was planned so that it could be done in one day, including erection and removal of the scaffolding.
He organised for Margaret to get a call on the morning of the works. He also arranged for a call to Frank Rogers at the end of the day to ensure the scaffolding was down.
Margaret said Danny was “a diamond”. She added: “Within the first two minutes of talking to Danny I knew he was an honest, caring and trustworthy gentleman. It was so refreshing to speak to someone so lovely.”
This case demonstrates how important good communication is. Key information must be shared between brokers, insurers, claims managers and contractors to help support vulnerable customers.
Danny worked in line with MA Assist’s Supporting Pledge. He took control of the situation, giving Margaret both reassurance and key information. The plan of works was altered to accommodate Margaret’s needs.
The insurance industry needs to share information and adapt to the needs of the customer.
It’s the reason we set up our Supporting Pledge and is why we fully support the Insurance Age Insurance Cares campaign.
To help support vulnerable customers, we advise the following:
Ask the right questions at First Notice of Loss and share information with the supply chain
All customer-facing staff including brokers, insurers and claims handlers, through to loss adjusters, surveyors and contractors need to be trained to recognise vulnerability and to provide the right support and information
A sole claims manager should be appointed to ensure strong project management and to give a single point of contact to the customer
Jorge Gonzalo is the managing director of MA Assist
Insurance ID fraud is soaring to “epidemic levels” amid warnings that criminals are applying for bogus policies in order to build up detailed profiles of victims.
New data from Cifas, a fraud prevention service, shows identity fraud rose to an all time high in the first six months of 2017.
A record 89,000 identity frauds were recorded, up 5 per cent from last year, it said.
ID theft is now so common it represents over half of all fraud recorded, it said, with 83 per cent of cases perpetrated online.
Over the past year there has been a 10,000 percentage point increase in insurance fraud, where a criminal takes out a policy in someone else’s name. In the first half of 2016 there were just 20 cases compared to 2,070 in the first half of 2017.
Fraud experts at Cifas said obtaining insurance policies was a new trick being used by fraudsters in their bid to build up a detailed enough profile of someone to use their ID in order to steal from them.
Yesterday this newspaper revealed that Millenials are more likely than pensioners to be targeted by fraudsters for the first time, because they don’t bother to check their bank statements.
Analysis of millions of credit files by credit checking firm, Experian, found people in their mid to late 20s have overtaken over 60s as the most likely age group to fall victim to fraud.
Simon Dukes, Chief Executive, Cifas said: “We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day.
“These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster.
“Criminals are relentlessly targeting consumers and businesses and we must all be alert to the threat and do more to protect personal information.
“For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough.”