Keeping you updated


What the Future Holds for Open Banking

Open banking is still in its infancy, yet it has the potential to reshape the banking industry on a global scale. To take full advantage, it’s important for financial institutions to understand the risks involved – as highlighted in new recommendations from the Joint Regulatory Oversight Committee.

As the world turns towards open banking – a term used to describe the use of open standards, technology and APIs that allow financial institutions to securely share customer data with third-party providers – consumers are set to benefit from a host of new product and service innovations.

But for institutions far and wide, open banking isn’t so much tearing up the rulebook as it is writing a second volume, with just chapter one complete.

The current state of play

As things stand, open banking is mostly uncharted territory. The US open banking ecosystem lacks the privacy rules afforded to consumers in the traditional banking industry, introducing a series of technical and privacy challenges which may be enough to dissuade firms from entering the market.

Meanwhile, the UK market is more structured. Open banking was initiated in 2017, following an investigation conducted by the Competition and Markets Authority into retail banking. This was followed by the Second Payment Services Directive passed in 2018, which made it mandatory for banks to share their database with third-party providers via APIs.

With tensions around privacy, competition and data portability still taking center stage, the UK’s Financial Conduct Authority (FCA) and the Payment Systems Regulator (PSR) acted as co-chairs of the Joint Regulatory Oversight Committee (JROC), to publish recommendations on its vision for the expansion of open banking in the UK. These recommendations not only shed light on the future of open banking in the UK, but they also show how other nations can enable open banking safely and successfully.

Laying the groundwork for success

With demand skyrocketing, open banking systems need to scale quickly if they’re to keep up. More than that, they need to become economically sustainable while remaining resilient, reliable and efficient. That’s no small task, so it’s no surprise the JROC recommendations state that strong regulatory direction is required to build an environment where a wealth of new products and services can emerge.

An open banking ecosystem depends on enhanced data sharing and collection. This encourages innovation and competition, but the ecosystem should also put protections in place if things go wrong. To mitigate the risks that come with open banking, financial institutions must understand the level of financial crime, their unique exposures and how to address them.

On top of the ecosystem and data sharing practices, the JROC is also set to prioritize payments. Creating a greater choice of payment methods would offer flexibility and more cost-effective alternatives to direct debits and card payments. The payments space needs a commercially sustainable model in place, along with the right dispute resolution processes.

Taking a proactive approach to risk

As new measures and infrastructure improvements are rolled out, we’ll see a fresh surge of product innovation in the FinTech market. This will lead to increased use of and reliance on open banking by consumers and businesses, resulting in growth in total investment in open banking.

Open banking works as it empowers users to make better decisions about their finances through increased visibility of spending and financial health, while also making financial services more accessible. The JROC recommendations will lay the foundation for institutions to create new products and services. Both consumers and SMEs stand to gain from additional functionalities and the benefits of competition, including lower fees for payments and product innovation.

Source: www.cfcunderwriting.com

Does Cyber Insurance Cost Too Much?

We often hear that cost can make cyber insurance a non-starter for businesses. We get it; broad coverage comes at a price given the value of services provided with a policy these days.

So, CFC has listed below the 5 key reasons a cyber insurance policy is worth the financial investment.

Cyber is a business’ largest exposure
We’re in a digital age and businesses no longer rely on paper trails and filing cabinets. This digital reliance has shifted a business’ assets from tangible to intangible, making them wildly accessible and opening even the smallest of businesses to a whole new era of risk.

Subsequently, most companies today state that cyber risk is in their top three, if not their number one business risk given their reliance on technology. Since the frequency of loss is that much greater for a cyber event than for traditional perils such as a fire, it makes sense that the cost of cyber insurance today will mirror a business’ largest exposure.

CFC has created a cyber risk heat map, which explains the varying levels by industry. Hint, nearly no business is safe!

Premiums are a fraction of the cost compared to a cyber claim
The price of cyber insurance may seem higher than expected given many still consider it a discretionary purchase, but when you compare the thousands, hundreds of thousands, or even millions in costs that cyberattacks can incur for business, it’s an easy decision to make.

And the severity of those claims continues to rise. According to the latest Coveware report, it’s been noted that fewer victims are paying ransomware demands, so threat actors are demanding more money to compensate for the lower hit rate, making individual claims more expensive.

This lower hit rate on ransomware has also meant hackers are pivoting back to previous attack techniques, with the likes of business email compromise attacks showing an increase of 147% across the second half of 2022 (for SME businesses).

A good cyber policy should offer proactive protection from attacks
At CFC, from the minute the policy is bound, their cyber security team works around the clock to protect businesses against cyber-attacks.

This is a proactive, protective service that identifies potential threats using insights from a variety of sources, including public and private threat intelligence feeds that go well beyond the usual outside-in scanning tools available to insurers. If a cyber security issue is found, their team will reach out through their Response app to work with a potentially compromised business, to eliminate the threat before it can cause harm.

To pay for this level of monitoring externally, a business would need multiple providers, all individually costing upwards of thousands every year. By contrast, all of this work is done for free as part of the standalone CFC cyber policy, as is expert incident response and recovery.

Expert incident response and recovery
One of the other critical elements of a cyber policy is the availability of in-house cyber incident response. At CFC, their team of cyber threat analysts, digital forensic specialists and incident responders, CFC Response, is available 24/7 to triage incidents, contain threats, and repair networks if a cyber incident occurs.

Cyber policies cover a lot
A good, stand-alone cyber policy, such as a CFC cyber policy, includes comprehensive coverage.

Many small businesses do not have access to enterprise-grade security teams, threat intelligence feeds that can inform them of whether they are listed on a threat actor’s target list, or access to a multi-disciplinary team of experts who know how to respond to cyber-attacks and complement existing IT personnel.

Equally, should the worst happen, cyber insurance policies cover costs ranging from cyber incident response, including IT forensics, legal, breach notification and crisis communications, to cybercrime costs that include social engineering, theft of personal funds and cyber extortion.

All told, this can cost anywhere from thousands to hundreds of thousands, and there is no limit to the range of support required during a cyber incident. CFC’s security team estimates that the average downtime following a ransomware attack can be up to 2-3 weeks, and that’s only with the expert assistance of a cyber incident response team provided by an insurer. With a broad policy, the insured can focus on getting their business back up and running, rather than worrying about what will and won’t be covered by their insurer.

It is estimated that cyber-attacks will cost the globe $8 trillion in 2023. Yet, we estimate, less than 20% of businesses have taken out a cyber insurance policy as of today. Cyber insurers are not just there to step in after an attack has taken place, ready to pay the many external teams a business needed to pull in to recover. Instead, coverage from a cyber insurer like CFC protects and prevents attacks on businesses from the minute they bind a policy.

Cyber insurance is not expensive, cyberattacks are. And with the right cyber insurance product, it should be the easiest purchase a business has ever made to cover its largest exposure.

Source: www.cfcunderwriting.com

Uncovering Liabilities for Canadian Physicians

Technology advancements have allowed the number of Canadian physicians providing remote care to skyrocket. This is great news for patients, but when faults arise, this can blur the lines as to who is responsible.

The increased usability and adoption of digital tools such as AI, telehealth and remote patient monitoring has been a complete game changer for the healthcare industry. Physicians can treat patients remotely, wherever they are, meaning less time, money, and stress.

Cover for physicians & surgeons by the Canadian Medical Protective Association (CMPA)

Physicians providing in-person care to patients residing in Canada are eligible for assistance from the Canadian Medical Protective Association (CMPA), which provides medico-legal advice and assistance.

If eligible for CMPA cover, there are no financial limits to the legal assistance given to members or to the damages paid to patients.

Where the lines blur

However, when care is delivered digitally or via telehealth, the lines begin to blur as to how the CMPA applies.

The CMPA cover does not generally extend to Canadian physicians residing abroad, and these members have previously found it difficult to find another suitable insurer to provide the professional liability cover they require.

Not having the necessary cover invalidates a member’s practice permit, creating an extremely serious issue.

The CMPA accepts that physicians or patients who are out of the country on a short-term basis need to engage with each other, e.g., on holiday or during an emergency. But it also states that it is not set up to assist with medico-legal problems and legal actions that arise outside of Canada, or that result from care given outside of Canada.

In these situations, where a claim arises out of telehealth care given remotely, the CMPA will consider giving assistance, but on a case-by-case basis.

Non-Canadian residents who receive treatment also have to meet a multitude of criteria before the CMPA cover will respond.

This ambiguous cover leaves practitioners unclear as to the level of cover they have, and the help that is available to them.

Clarity in cover

As technological capabilities extend, exposures can increase, especially when care is given outside a practitioner’s jurisdiction. Healthcare providers will need to protect themselves in the event the CMPA coverage does not apply due to any of the above circumstances.

CFC can help to create peace of mind with the ‘wrap around’ intention of their digital healthcare form that encompasses anything which would traditionally fall outside the CMPA cover, with respect to telehealth. This provides comfort to physicians that wherever, and however, they deliver healthcare services they will be covered.

Understanding exactly when their liability cover will respond, and having confidence in the protection in place, will enable physicians to focus on treating their patients – wherever either party is located.

Source: www.cfcunderwriting.com

Top 3 Tech Exposures in Design and Construction

The construction industry is in the midst of a technological boom. It doesn’t matter whether you’re a large design build firm or a small artisan contractor: technology exposures, like software and cyber-related errors, are becoming inescapable.

As the construction insurance industry continues to grasp this boom in tech, many insurers are neglecting the traditional construction errors and omissions (E&O) exposures in favour of technology E&O, and vice versa. CFC has looked into some top tech tools in the design and construction industry that may be more exposed than you think.

Software platforms

Construction software platforms, such as Procure or Autodesk, are growing in popularity because they can solve a wide array of challenges like improving connectivity, project management, data collection and key processes all in one centralized place.

With this heavy reliance on technology, it’s important to also consider what happens if the platform fails. What happens if there’s an error in the platform software itself resulting in incorrect construction drawings being sent, or even a cyber breach resulting in loss of sensitive data?

Even a contractor using the software is not immune to these exposures. Disclaimers used by several major platforms deny liability for E&O as a result of their software. Providers are not often likely to leap to a construction manager’s defense if the platform fails, or if it is disrupted by a cyber-attack on your business.

Contractors can take some refuge in their insurance provider, which will try to rectify any damage caused to their project and reputation, or respond to an ongoing cyber breach in order to minimize further losses.

Generative design

Generative design utilizes artificial intelligence (AI) technologies to generate and explore multiple design options and to optimize project solutions. The AI learns which design elements work and which don’t using pre-set rules, parameters, and design preferences.

Generative design software is being used increasingly as part of the design build process. While human beings may still be involved in the sign-off processes for these AI-generated designs, the exposure to a business using a technology platform to create drawings in the first place will mean that anyone working with this software should have construction E&O in place. Broad coverage for technology errors should be included, otherwise they could risk technology claims falling through the gaps.

Modelling and virtual reality

While use of computer-aided design (CAD) and building information modelling (BIM) for construction dates back to the pre-2000s, digital visualization in construction is heading to new, complex heights. There are an increasing number of tools for contractors, construction engineers, planners, or safety personnel to plan and visualize construction activities. Some platforms enable project stakeholders to visually explore assets in full virtual reality (VR), even when still under construction.

The reality is though, whether it be CAD, BIM, or even VR, errors and costs can always occur, from an incorrect rendering of plans, to broken contractual clauses as a result of a data breach. A huge variety of construction personnel utilize 2D or 3D electronic renderings in some form or other and therefore, technology errors coverage is essential to take into consideration.

There are many more technological advances and investments being made in the construction industry today. 3D printing of building materials or even programmed robot constructors could be a common practice in the future. As well as the multitude of construction E&O exposures faced by the construction industry, they are also faced with growing technological and cyber event exposures too.

Source: www.cfcunderwriting.com

The Real Story around Risk Reports

Risk reports and vulnerability scans can only tell you so much about the level of security across a network. Often having insufficient reach, these overviews can be misleading and result in a far more positive picture than what’s really going on under the hood.

Take a lead from pioneering pollster George Gallup, who made his name almost 100 years ago by proving that quantity is a distant second to quality when it comes to the value of data.

Gallup surveyed 3,000 people ahead of the 1936 US election. He forecast a win for Democratic candidate Franklin D Roosevelt, despite a Literary Digest survey that had canvassed 2.5 million people and predicted a Republican landslide.

Gallup was correct and Literary Digest – its credibility shot – was out of business within 18 months.

Data quality

So, how does this relate to cyber insurance? Well, the point is that across the cyber market, vulnerability scans are being given too much weight, first as a measure of an organization’s cyber security, and second as an indicator of their likelihood to have a cyber claim.

Vulnerability scans, or risk reports, aim to identify your internet-facing assets and any insecurities they have. Initially, they were used as a means to highlight potential problems and to suggest remedies. This was a good thing. But more recently they’re being used as de facto assessments of a business’s online security rating.

The problem is that these scans or reports produce data that is often limited. For example, they should locate internet-facing servers and identify the software running, but they’re unlikely to pick up all the services, especially those outsourced to third-party cloud providers.

Nor can these scans see inside your network, so they can’t assess the internal safeguards and protocols that may or may not be in place. In short, they’re seeking to provide a definitive assessment of your cyber security credentials on limited data. And that’s not a good basis on which to assess cyber security or to try and predict future attacks.

The good news is that huge strides are being made in the area of threat intelligence, with CFC leading the way, which does offer the ability to prevent attacks and make effective forecasts on likely cyber claim events.

Threat intelligence

While a vulnerability scan provides a survey of an organization’s internet-facing assets, threat intelligence builds up a dynamic picture of the attacks to which your organization is most susceptible.

CFC has established close working relationships with government bodies, law enforcement agencies and private sector organizations, alongside its own proprietary sources. This network gives them access to the online platforms and markets used by criminals to trade data and exchange information.

Their network provides details of companies that have been compromised. It offers information on what’s been stolen and where backdoors have been left open on a system. Is this company on a threat actor’s list? Have their passwords been traded online?

Access to this type of information allows them to be very certain about the likelihood of an organization coming under attack and allows the threat analysis team to be definite about the actions they take to shore up defenses and to keep that system safe.

Cyber criminals are extremely dynamic and continually change both their point and method of attack. Understanding how attacks are evolving and uncovering where they’re likely to be targeted makes it possible to take swift and effective preventative action.

Just as George Gallup discovered in the 1930s, it’s the quality of your data that determines its value. The number of attacks prevented by CFC’s threat intelligence service is beginning to tell its own story on the scale of that value.

Source: www.cfcunderwriting.com


