Research reports have widely stated that digitisation, amid the pandemic, will play a significant role for business continuity of the BFSI sector, ensuring efficient operations, improved productivity, remain competitive, and thrive. However, this will also mean that banks the financial institutions are likely to continue to experience a wide range of cyberattacks. Last year, the Reserve Bank of India (RBI) has cautioned that in the post-Covid-19 lockdown period, there has been increased incidence of cyber threats against the banking industry. To understand the dynamically changing cybersecurity landscape across the financial industry, insurance sector in particular, Rashi Aditi Ghosh of Elets News Network (ENN) interacted with Siddharth Kaushik, Chief Risk Officer, Canara HSBC OBC Life Insurance. During the exclusive interaction, Kaushik said, “ One of the critical aspects emanating from the shift towards digital environment is a potential increase in Cyber Security risk.”
Excerpts of the Conversation:
1. Covid accelerated the digitisation across the BFSI sector by several years. What digital-based opportunities did the insurance sector witness?
In the past few years, even before the pandemic, industries worldwide and especially the BFSI sector has seen significant and rapid adoption of the continuously evolving Digital revolution. A paradigm shift has also been observed due to the unprecedented event of COVID having accelerated Digital Journey for the entire sector; wherein Companies have invested and implemented various new digital initiatives right from customer onboarding to servicing its customers.
From a Life Insurance perspective, one would observe an increased reliance on digital solutions like Digital onboarding, Video KYC, E-KYC, Tele and Video Underwriting, Chatbots, Whatsapp and IVR servicing etc. The Life Insurance industry traditionally has been more of face to face selling process with reliance on customer and agent or bank relationship. With COVID, a shift in this approach from F2F to digital virtual environment offering, has seen increased adoption. The unprecedented global phenomenon of COVID has definitely led to an accelerated digital adoption, wherein digital is not just another add on service; but the new way of conducting business.
Learning’s and experience emanating from the current situation is changing the way we work, the way we plan and the way we execute. The situation has led to enhanced focus on technology-backed strategies embedded in the eco-system with digital footprints and eliminating single points of failures to ensure continuity of all facets of business. We as a Company continue to focus on digitally enabling the sales and business operation. This adversity has proved to be an opportunity in disguise and helped business process owners find new ways to maintain & sustain the business.
2. Did the cyber threat cases increase lately? How are new-age technologies helping you in mitigating risk in the Insurance sector?
One of the critical aspects emanating from the shift towards digital environment is a potential increase in Cyber Security risk. To ensure that the Company has an effective management framework around an increase in threat vectors, the Company has reviewed its remote security posture and strengthened controls in this area.
In this regard having an updated asset inventory, rigorous Security testing framework covering in scope assets, posture checks for devices connecting remotely, prioritized deployment of critical security patches and a comprehensive privilege access management process and subscription to Digital risk Management services along with a 24×7 SOC assists the Company in proactive identification and mitigation of security threats.
The Company’s Information Security function makes effective use of available tools to strengthen the monitoring framework for proactive identification and management. Besides this the Customers & employees are also made aware of emerging threat vectors and recommended security best practices as more and more services are rendered & consumed digitally.
The focus for the Company continues to be on awareness of the landscape, environment and leakage points; which helps the Company to proactively identify and mitigate such risk areas. Ongoing oversight and risk evaluation of changes in processes and new technology solution adoption is one of the key focus areas for the Company.
3. What are the new unheard and evolving cyber risks in the Insurance sector?
The rapid technology adoption and changing landscape of how we conduct business coupled with increased reliance on digital solutions, interconnectivity between systems, introduction of new age technologies, IoT, etc. has led to an increased complexities and enhanced exposure to cyber risk. New age threat vectors like cyber extortion or ransomware, web application attacks have seen an increase in the recent past with cyber criminals getting more sophisticated; resulting in potential data breaches and other forms of intellectual property losses. It is imperative in view these sophisticated threats for Companies to have an enhanced focus and strategy to identify these ever evolving cyber risks to safeguard its customers, stakeholders and Company’s data and digital assets.
4. Which tools/ technologies have been very effective in mitigating the cyber risk?
The Company’s focus has always been to have an effective framework towards mitigating Information and Cyber Security risk. This is supported by a balance mix of technological tools, people training and awareness, efficient processes and ongoing control monitoring. In my personal view, one doesn’t need to panic and get every security solution available in the market to cover the risk; instead identify the right solutions basis Company’s architecture, processes, infra, etc. and focus on ensuring right deployment of the requisite tools with adequate monitoring.
5. Did the cybersecurity budget inflate during the pandemic?
Cybersecurity has always been one of the most critical area for the company to safeguard its customers and stakeholders from the dynamic cybersecurity threat vectors. For this, the Company has consistently invested in appropriate and feasible solutions coupled with its focus on an overall robust framework and governance around Information and Cybersecurity risk.
6. What level of success did you achieve in curbing the threats in the last two years?
The Company’s focus on Information and Cyber Security and its underlying governance and framework has helped in mitigation of threats over the years pertaining to the dynamic and ever evolving cyber risk environment.
7. What according to you would be the landscape of cybersecurity in 2021?
With an increase in reliance on technology solutions, interconnectivity between systems, cloud adoption and growth of new-age technologies; the landscape of cybersecurity will continue to evolve rapidly with new threat vectors and mitigations evolving basis experience and changing environment and landscape. Important would be to remain ahead of the curve and have adequate monitoring in this area and most importantly, expenditure in enhancing the Information Security landscape shall not be just an expense, rather and investment for the future.