Insuring Cyber Security –
A few weeks ago, TSB set the precedent of being the first UK bank to guarantee victims of fraud a refund on their losses. The losses will cover victims up to the sum of £1m where they may have been tricked into authorising payments fraudulently.
TSB’s offer is commendable, there are currently no rules that oblige banks to take such measures. The move comes at a time when cyber criminals are thriving. Criminals are using increasingly sophisticated techniques taking advantage of advances in technology and associated vulnerability that has been left unaddressed.
TSB’s move is a much-needed step in the right direction and could act as a catalyst for other banks to follow suit. However, there is a risk that this type of reimbursement mechanism could drive the wrong behaviours; TSB account holders may take unnecessary risks due to the newfound security blanket that will lead to further opportunities for criminals.
The costs are not going to be insignificant and are likely to be covered by specialist insurance products, developed by insurers responding to the changing market. Given the scale of losses in cybercrime, premiums will not come cheap and it may be unsustainable for financial institutions to support its maintenance indefinitely.
In a change to the traditional model, it is not inconceivable for financial institutions to charge for the cost of insuring against these losses. This may become reality sooner than we think; with scams on the increase, the days of free banking may be numbered as financial institutions struggle to meet its costs.
Losses due to cybercrime are increasing day on day. The Financial Times article ‘Will anyone take responsibility for rising financial fraud’ cited data from trade body UK Finance, stating that fraudsters stole £1.2bn in 2018 – a 16% increase from the year before. Unauthorised push payments have seen one of the biggest year on year increases going up by 50% from the year before. It is evident that the trajectory is only going up and rarely are the losses recovered which is affecting both banks and customers.
A real alternative for customers is the rise in popularity of insurance products aimed at protecting consumers from cybercrime. Like car, home and health insurance, the profile of an individual will have an important part to play in the cost of the insurance product.
In turn, this is putting the onus back in the court of the consumer to demonstrate characteristics that show they are taking the necessary precautions to avoid being a victim of cybercrime.
Ultimately, the changing face of consumer banking and potential rise in popularity of consumer insurance products is responding to the outcome of cybercrime and aimed at reassuring the consumer that their money is secure. This is currently a reactionary step aimed at giving consumers comfort that their hard-earned money is safe, but it shouldn’t allow institutions to shy away from looking at the root causes of the problems.
The slow reaction by government, social media and financial institutions can somewhat be attributed to the rapid rise criminal activity as they are able to go from strength to strength in an undeterred environment. The ones paying the real price now are consumers and financial institutions.
These parties have an equal responsibility to tackle the rising problem of cybercrime. They each have role to play and need to be held responsible for delivering an outcome that helps tackle the surging crime rates.
Governments need to get better at centrally owning and driving the change. Social media outlets should take responsibility for how their platforms are used by criminals to conduct their business and should proactively foresee and deter. Financial institutions need to get ahead of the curve by developing frameworks to protect customers irrespective of how they would like to transact in the future.
The stakeholder that has access to consumer data should be aware of the value of data and protect it accordingly. Despite this now being a requirement by GDPR, it begs the question why such a landmark legislation was needed for institutions to fulfil a moral duty to protect personal data.
Finally, consumers have an equal and most important part to play. In the changing world of crime, they need to be vigilant, to prevent and not react.
These steps are critical in the fight against cybercrime and will play a key part in preserving banking as we know it today. Unless we get ahead of the problem, we will always be responding to these external stimuli and the world as we know it today will be no more.