Businesses in the finance industry are facing a new online risk as cyber attacks and geopolitics merge into a single threat. Cyber attacks have already been at an elevated level for several years. However, the latest geopolitical threat comes in addition to those existing risks of theft, fraud and vandalism.
The U.S. government has warned that geopolitical rivals from Russia to China, Iran, Venezuela and others could respond to rising geopolitical tensions with severe cyber attacks against private enterprise. If such an attack happens, it could mean a claim for a small business like yours. Here’s what to know.
Geopolitical Cyber Attacks Are Anticipated
In a press conference earlier this year, President Biden warned that the capacity for state-sponsored cyber attacks was “fairly consequential and it’s coming,” adding that there was “evolving threat intelligence that the Russian government is exploring options for potential cyber attacks.”
State-level espionage and sabotage are nothing new. Records of intellectual property protection date back thousands of years and Sun Tzu’s The Art of War includes an entire chapter on spy-craft. However, what is new to many businesses is the role of their own computers in such clandestine operations.
More and more, the cybersecurity of private businesses is becoming a geopolitical issue. With government, economic and societal systems moving online, critical technologies have become a target for rivals, with cyberspace functioning as a battleground for their competing interests.
Financial Services Are Essential and Vulnerable
During the early days of the pandemic, the Department of Homeland Security identified finance as one of 16 business sectors essential to the U.S. economy and national security. Though the pandemic has subsided, the financial sector now faces growing geopolitical risks.
Economists at Goldman Sachs note that recent events including Russia’s conflict with Ukraine and Western economic sanctions against Russia raise the risk of malicious cyber activity between the countries. A research note to investors cautions that cyber attacks are now among the biggest threats to national security, highlighting that energy, financial services and transportation sectors are particularly at risk.
“The U.S. is less vulnerable to cyber attacks than most countries because it invests more in cyber security and has stricter regulatory requirements, especially in the financial sector,” Goldman told Forbes. “However, the U.S.’s high degree of dependence on digital technology increases the opportunities for disruptive cyber attacks, and experts say it would be difficult or impossible to fully defend against an extreme escalation of [state-sponsored] cyber attacks.”
Geopolitical Hacks Can Do Big Damage
For small businesses in the financial sector, the risks of a cyber attack by a foreign country run the gamut. At the extreme end, companies could face widespread power blackouts, internet outages or data center losses that take days, weeks or longer to recover from.
But other less severe risks can still do a lot of damage:
- Spying and Espionage – Countries not only want to know what rival governments are up to, they also want to know what’s going on in their business sector. If a foreign hacker breaches your company’s security defenses, it’s a big deal, even if no serious harm is done. Regulations require costly notification procedures for affected clients and negligence lawsuits are a real risk.
- IP and Data Theft – Your company property is valuable to your business, and it may also be valuable to foreign governments. Both intellectual property and client record data are now typically stored in the cloud. Theft of your IP could be used to compete against your business, as in the case of Bridgewater copycats, resulting in losses. Data theft could also target your VIP clients for geopolitical purposes and lead to a claim.
- Business Interruption – Even without apocalyptic outages, foreign cyber attacks can cause business interruptions that last for hours, days or weeks, costing smaller companies $2.65 million on average. Downtime costs include not only the time to get your computers running again, but time lost to forensic analyses, security upgrades, sidelined business plans and missed client opportunities.
Cybersecurity Called a “Patriotic Obligation”
Following up on its warning to the business community, the Biden Administration released a fact sheet detailing eight steps U.S. companies can take to defend against cyber attacks, calling improvements to cybersecurity a “patriotic obligation.”
Companies were encouraged to implement the following best practices with urgency:
- Mandate the use of multi-factor authentication (MFA) on systems to make it harder for attackers to gain access.
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.
- Check with cybersecurity professionals to make sure that systems are patched and protected against all known vulnerabilities, and change passwords across networks so that previously stolen credentials are useless to malicious actors.
- Back up data and ensure you have offline backups beyond the reach of malicious actors.
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.
- Encrypt your data so it cannot be used if it is stolen.
- Educate employees on common tactics attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as having unusual crashes or operating very slowly.
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents.
Cyber Liability Can Protect Businesses
One more thing you can do to protect yourself is to insure your business against the risk of cyber attacks. Cyber Liability coverage from CyberLock Defense can cover the cost of damaging cyber attacks, with a policy specifically designed for financial professionals like you.
Advisor coverage comes with ERISA 3(21) and 3(38) protection, so you are covered for fiduciary duties you perform. Coverage also comes with individual aggregate limits, so that you have access to your full policy limits. Plus, adding Cyber Liability to your Advisor E&O policy is quick and easy with Lockton Affinity.
Visit CyberLockDefense.com or call (844) 868-7144 to learn more.