Financial Services & Insurance Sector: Infrastructure Risks & Challenges in 2021


October 27, 2021

Businesses in the financial services and insurance sector are no strangers to increased risks and strain on their infrastructure, but recent years have brought new challenges. The COVID-19 pandemic saw an increase in cyber-attacks and scams, all while businesses were trying to adapt to work efficiently from home where possible.

Infrastructure-related risks are constantly changing and the skills of those with malicious intent are becoming more sophisticated. If businesses don’t keep up and consistently work to make their infrastructure stronger and more formidable, they may find themselves facing some dire consequences over the long term.

So, what are the risks, what are other businesses facing, and how can businesses in this sector ensure they’re prepared?

The Risks

DoS (Denial of Service)

DoS attacks are designed to make a system unavailable to its users. Often, these attacks are DDoS (Distributed Denial of Service) attacks, where the attack is launched from multiple sources at once.


Ransomware

Ransomware is malicious software that encrypts core systems and demands a ransom from the victim to restore access. Ransomware can also attack in another way: pulling data from systems and then blackmailing the owner of that information under threat that it will be released to the public. These attacks aren’t new, but they are getting more prolific and sophisticated.

Data Leaks & Cyber-Attacks

Cyber-attacks resulting in data leaks are one of the most serious risks posed to the financial services and insurance sector today. When you put your customers at risk, you put the business at risk. The health of a business relies on revenue, but that revenue can only be earned at low cost when there is trust between a business and its customers. A data leak is a sure-fire way to destroy that trust and some customers will leave for good.

In early March, cybersecurity experts uncovered an extensive Microsoft Exchange Server attack that exploited vulnerabilities in Microsoft’s email software. More than 30,000 organizations have been impacted since the attack began in early January.

Data leaks aren’t always the result of a cyber-attack or ransomware attack – sometimes, the leak comes from within the organisation. Businesses must be strict about internal security: controlling employee access and removing that access when an employee no longer needs it, especially if they’re leaving the organisation.

Hybrid working creates even more security challenges. 36% of employees admit they have picked up poor cybersecurity behaviours since working remotely.

A common security issue associated with hybrid and remote working is the unauthorised sharing of data between work devices and home devices. For example, an employee may want to print a file, but their work device is not connected to their home printer. This forces the employee to take data off a secure system and move it to a potentially unsecured device.

Some of the main benefits of hybrid work are increased productivity and flexibility, so it is important that businesses do not undermine these benefits through difficult security policies and procedures.

Subpar Cloud Security

We’ve been moving toward a cloud-based online world for some time, but the pandemic accelerated the financial services and insurance sector’s need for secure cloud architectures. This acceleration has also highlighted some of the bigger risks of working with CSPs (Cloud Service Providers) and the fact that they are a primary target for cyber-attacks and even espionage.

Human Error

The global pandemic forced every industry to pivot, bend, or stall – anyone who could had to work from home, and entire systems had to move to remote working conditions overnight. This caused businesses to prioritise speed over security, and security teams’ attention was split in a hundred different directions. These increased risks were necessary in 2020 to keep up with the needs of employees and clients, but now, in 2021 and beyond, it’s time to bring the focus back to creating and applying best practices so that no slip of human error leaves the door open for opportunistic malicious entities.

What can businesses do to protect themselves from these threats?

‘Ensuring that organisations have the correct cyber cover to protect them against attacks’

Businesses in this sector have to be proactive about maintaining a strong infrastructure – there’s no room to rest on your laurels. Businesses must:

  • Maintain and update hardware and software not only when necessary, but also when possible
  • Have backups of servers and methods to restore data
  • Practice network segmentation
  • Keep content management systems and plugins up to date
  • Work with the best hosting services that specialise in high-risk industries
  • Implement IP access control
  • Set traffic limits
  • Work with cybersecurity experts when using new technology to expose weaknesses before they are exposed by malicious entities
  • Education is key – data protection is the whole organisation’s responsibility; employees should be educated about cybersecurity and the potential risks to their organisation.

Businesses in this sector also cannot underestimate the importance of education, both for staff involved directly with protecting assets and those providing assistance for cybersecurity issues. A recent report by the Chartered Insurance Institute found that over half of the professionals said they had not received training on cyber risks, even though they were underwriting cybersecurity policies.

The stories of successful and attempted cybersecurity breaches are endless, and the biggest data breaches expose hundreds of millions, even billions, of pieces of user data. While these breaches do not often spell the end for the businesses that failed to protect the data, they do result in a huge amount of mistrust, which often takes years to rebuild. As we move forward in 2021 and into 2022, all businesses in the financial services and insurance sector need to keep their eyes open and work proactively toward a safer, more secure future for their business’s infrastructure.

Cyber security awareness month has been recognised since 2003 and every year new challenges and setbacks arise.