Tesco bank mass online fraud

22 December 2016

Main features in this issue:

Tesco Bank mass online fraud

The recent Tesco Bank mass online fraud incident has put the focus on theft and fraud. For businesses, this should be a reminder to be clear what is – and what isn’t – covered by their corporate insurance. The recent Tesco Bank cyber theft was “serious” and “unprecedented”, according to the Fraud Conduct Authority (FCA) chairman Andrew Bailey, quizzed about the incident by the Treasury Select Committee. A month on, the “UK’s worst cyber theft” looks unlikely to remain unique.

Clarity coming to cyber cover

New guidance from the Bank of England’s Prudential Regulation Authority (PRA) means insurers can no longer just ignore cyber risks. In November, the PRA wrote to insurers following meetings with stakeholders in the last quarter of 2015 and first half of 2016. Its letter, confirming the rapid growth of cyber insurance, also noted it had brought risks to the industry. “The prudential risks emanating from this fast-evolving field, if not managed well, are potentially significant to the viability of the firms involved and the reputation of the UK insurance industry as a centre of excellence and innovation,” it stated.

A sign of the times

Sometimes it is a teenager in a bedroom: Sentencing of the 17-year-old who admitted responsibility for last year’s data breach affecting 156,000 TalkTalk customers took place on December 13. The boy, who was 16 at the time of the attack, told magistrates in November he had just been “showing off.” It can fairly be seen to have highlighted the weakness of TalkTalk’s controls at the time. That’s also reflected in its record £400,000 fine handed down by the Information Commissioner’s Office (ICO) in November. The company’s security failings allowed the attacker to access customer data “with ease,” the ICO found.

Cyber risks where it counts

The US election is revealing a whole new area of potential systemic risk from cyber. In the run-up to the US election there were concerns cyber attacks would attempt to derail electronic voting. This was not without cause, given the role hackers had already played in the campaign, revealing confidential emails from Hilary Clinton’s campaign team, and the attacks on state election database systems.

The cyber risk paradigm for 2017

Cyber security in today’s world is a misnomer. Our government agencies, businesses, and personal lives are irreversibly connected to the worldwide web that provides enormous opportunity and convenience. However, success in this “connected” world requires organizations sacrifice absolute security - and therein lies the problem. Because being connected requires some amount of insecurity, the same worldwide web that creates opportunity and convenience, also gives rise to sophisticated, dynamic cyber threats motivated by financial gain, activism and state-sponsored espionage. Special feature by JLT’s Cyber Risk Consortium partner Dynetics.

Download Cyber Newsletter

For more information please email cyber@jltgroup.com



Find out more

Read our Cyber Risks & Insurance Insights

Read more

Receive our monthly cyber risk newsletter