Gallagher’s Financial Institutions team produces a monthly bulletin which reviews the insurability of the largest operational risk events reported recently.
Financial Institutions May 2019

UK Bank TSB pledges to refund customers against all types of online fraud losses

TSB has recently announced that it will become the first UK bank to commit to covering all of its 5.2m customers against all types of online fraud losses. That will include transactions when consumers are tricked into authorising payments to fraudsters (so called ‘authorised push payment fraud’). We understand that UK banks are not currently legally liable for authorised push payment fraud and that crime insurance will not respond to such fraud for that reason. If the position changes to where UK banks are liable for authorised push payment fraud, and we understand that recent regulatory developments have made it easier to claim compensation, then it may push insurers into providing coverage in that respect.1

Beazley publishes its 2019 breach briefing

UK insurer Beazley has released its 2019 breach briefing. The report is based on information gleaned into more than 3,300 data incidents in 2018. The results include:2

  • Almost half (47%) of the incidents were the result of a hack or malware. Of those, approximately half involved social engineering attacks in which a cyber criminal used compromised email credentials or spoofed a legitimate email address;
  • The average ransomware demand in 2008 was more than $116,000, but this was skewed by some very large demands. The median was $10,310. The highest demand received by a Beazley client was $8.5m – the equivalent of 3,000 Bitcoin at the time;
  • Malware included Trojans designed to steal banking credentials. Recent variants have also been capable of stealing other credentials and are used to deploy other types of malware.

Cash in decline, but old criminal methods persist

A recent report by Which?3 shows that free-to-use cash machines are disappearing at a rapid rate in the UK. However, ATM fraud is increasing in some areas. For example a total of 14 cash machines have been stolen in 11 incidents in Northern Ireland this year.4 The most recent incident in Ballymena involved a digger stolen from a local construction company. Such events highlight that despite the rise in cyber crime, physical threats are still a real and present danger. Crime insurance has always responded to certain physical crimes (including ATM fraud) and continues to do so.


  1. The Financial Times, 15th May 2019.