The concept of sharing is so far ingrained in our everyday that most of us couldn’t imagine living in a world where we can’t share a ride, couch-surf or leave our dog with a stranger at the tap of a screen. The advancement of the sharing economy, defined by Google as an economic system in which assets or services are shared between individuals, is a prime example of this.

In fact, per the Innovation Report 2018 published by Lloyds, the global sharing economy is expected to grow to $335 billion (approximately £261 billion) by 2025. That’s considerable growth in comparison to 2014, when the estimated size of the global sharing economy was circa $15 billion (approximately £12 billion.)

This isn’t surprising when in theory the sharing economy is supposed to save resources, strengthen regional and local communities, cut costs, enable consumption for lower income groups, increase investments and provide new jobs. However, while there is a plethora of benefits to the sharing of assets and services, there is also countless risks.

In analysing Lloyd’s innovation report, British marketplace OnBuy.com wanted to share how American and British consumers feel toward the sharing economy and what they believe the risks and benefits are.

To achieve this, OnBuy designed graphics to showcase data collated by Lloyds from more than 3,000 US and UK consumers as well as representatives from 30 sharing economy companies.

In terms of benefits, both American and UK consumers believe ‘it can be cheaper for users’ - the number one benefit to the share economy, at 60% and 58% respectively.

Thereafter, it is clear American consumers are more enthused with other benefits, such as ‘it is more convenient for users’ and ‘it provides more flexibility for users’ at 52% apiece.

Comparably, just 39% of British consumers believe ‘you can earn money from your assets when you aren’t using them’. While 43% of American consumers would say the same.

In terms of risks, American consumers believe ‘there’s a risk to personal safety interacting with strangers’ which is cited as the number one risk to the share economy, at 60%.

While British consumers are caught between ‘there’s a risk to personal safety interacting with strangers’ (44%) and ‘there is no guarantee of the quality of the service or facilities (44%) in sharing their opinions on the number one risk.

Other risk factors to consider include ‘people sharing their assets could have them damaged’ (American 46%; UK 42%) and ‘people sharing their assets could have them stolen’ (American 43%; UK 41%.)

Lastly, 37% of American consumers and 33% of British consumers agree ‘there aren’t sufficient safeguards or protections in place for users’ in the sharing economy.

Cas Paton, Managing Director of OnBuy.com, comments: “If the sharing economy is to reach the proposed $335 billion mark in 2025, the industry needs to thoroughly consider the opinions of consumers. Today, the way people spend money and interact with the everyday is changing. Companies need to match this change with innovative products which meet the needs and expectations of their customers.

To combat risk, Lloyds recommends sharing economy companies partner with insurers to enhance credibility, instil confidence and build trust to drive business growth and gain a competitive advantage. I truly believe this is the way forward. Especially considering 58% of American and UK consumers currently believe the risks outweigh the benefits of using sharing economy services.”

(Source: OnBuy.com)

Yet they have a relatively low-interest rate and many other saving options are now also tax-free.  So the question is – are Premium Bonds worth it?

What are Premium Bonds?

NSANDI Premium Bonds are a type of savings account that you can add money and take it out any time you want.  Interest is paid and there’s a monthly prize draw.  Bonds can be bought in £1s and everyone has the same chance of winning so the more you buy, the greater your chance is of seeing a prize.

There is a minimum of £25 for a one-off purchase and monthly standing orders and you can’t have more than £50,000.  You have to be aged 16 to buy them or they need to be held in the name of a parent or guardian until you are.

The monthly prizes are one of the big draws to Premium Bonds.  There are two monthly winners of £1 million, 5 of £100,000 and 11 of £50,000 as well as smaller prizes going down to £25.  You have a one in 24,500 chance of winning £25 so don’t get too excited about the idea of winning loads!

Tax-free savings

One of the big benefits of Premium Bonds used to be the fact that the interest paid on them is tax-free.  However, this shine has been taken off somewhat since the launch in 2016 of the personal savings allowance (PSA) which allows you to have all savings tax free up to £1000 interest a year for basic taxpayers and £500 a year for higher rate taxpayers.

This means that 95% of people can now have savings that have tax free interest so this advantage to Premium Bonds is no longer relevant.

The prize rate isn’t great

There’s definitely something attractive about the potential for winning a million pounds for your savings but in reality, the prize rate isn’t great.  If you ring NSANDI (and you can find the NSANDI phone numbers are listed here) they will tell you that the prize rate is 1.4%.

In reality, for every 25 people with £100 in bonds, 24 of them will not win a prize.  For people with £1000 in bonds, 3 out of 5 will not win a prize while if you have £15,000 in bonds, 1 in 1552 will not win a prize.

All savings are protected

NSANDI might sound like a bank or building society but they are actually a government department – the government owns the Premium Bond system.  Now that does mean they are 100% safe and there’s no chance the company goes broke and the owner runs off with the money.  However, it is worth mentioning that all savings are protected anyway under the savings safety rules so as long as you use a UK-regulated savings product, you are protected up to £85,000 per person – and the maximum for Premium Bonds is £50,000 anyway.

Prize rate versus savings rate

If you consider that prize rate of 1.4%, this is the figure to compare against other savings products to see what is the best option.  And while it compares well with some, there are definitely other savings products out there that provide a higher rate of interest on your savings.  Some general examples include:

• Top easy access normal savings accounts – 1.5%
• Top easy access cash ISA – 1.45%
• Top two year fixed savings – 2.31%
• Top two year fixed cash ISA – 1.9%
• Some current accounts – 3% on balances up to £3000

So if you have money that you don’t need to access for a couple of years, you can definitely get a higher rate of interest.  Premium Bonds compare with standard savings products so there it is more a personal choice matter.

You can resave your winnings

If you don’t already have £50,000 in Premium Bonds and you do win some money, you can also choose to resave this.  In other words, you can turn the winnings into more Premium Bonds and increase your odds a bit that you win more and bigger prizes.  This is a bit like leaving the interest from your savings in the account to continue to grow your pot.

Are they worth it?

There’s nothing wrong with Premium Bonds as a way of saving.  While the chance of winning a substantial prize is higher than the chance of winning big on the National Lottery, there is always a chance.  And smaller prizes can accumulate to build your pot and increase your odds.  So really, if you like the idea of potentially winning more money, then Premium Bonds can be a good option – just be aware of the odds and don’t expect that millionaire pay-out any time soon!

While the sheer number of credentials exposed in these leaks are astounding, it’s not surprising, as it only added to the billion plus passwords we already knew were floating around on the dark web. Below Andrew Shikiar, chief marketing officer of the FIDO Alliance, explains why the classic password is on the down.

What is surprising is the continued reliance of traditional username/password authentication, despite knowing it is easily breached and susceptible for compromise via credential stuffing attacks.

The problem of authentication has indeed risen to the forefront in recent years as a vast majority of publicised high-profile data breaches have been traced back to weak and shared credentials; usually a username and password combination stored in easily exposed, central databases that hackers can easily infiltrate. Even among IT professionals, who should lead the way when it comes to secure authentication, 69 percent share passwords with colleagues, and over half reuse an average of five passwords across business and personal accounts, according to a recent survey. With nearly 50% of shopping cart abandonment being due to password issues (per a Visa study) and a large proportion of costly IT support calls within enterprises related to passwords, weak authentication is also becoming an economic burden for many businesses.

The good news is that the tide is turning. Rather than encouraging users to change all of their online passwords – which more often than not results in easy-to-remember passwords being recycled across different accounts – website and app developers can now look to new web standards from FIDO Alliance and W3C for strong authentication that will enhance security while improving the user experience.  As service providers start to turn on these capabilities, we’ll begin to see an accelerating shift away from passwords – which in time will consign credential leaks such as Collection #1-5 to history.

Mobile devices, PCs and web browsers are now shipping with the capabilities for strong authentication – combining cryptographic protection of user authentication credentials, which can’t be phished and in fact needn’t ever leave the user’s device, with a low-friction user. By building applications and websites that support new web standards for strong cryptographic authentication, developers can now leverage these authentication mechanisms that are literally already in their users’ hands — from fingerprint, iris, face or voice recognition in PCs and mobile devices to portable hardware security keys — to improve security for their businesses and their users.

As 2019 progresses we are surely going to see biometrics and other embedded authentication sources continue to contribute to an enhanced customer experience. The new version of 3D Secure, for example, will be optimised for mobile devices and enable the implementation of secure biometric user verification. Biometrics are likely to impact the financial services industry as well, given their potential to enhance organisational and consumer demand for transaction convenience, while ensuring compliance with regulations such as the Second Payment Services Directive (PSD2)

While this development is welcomed, the industry needs to continue to commit to creating and implementing technical standards and established best practices, which can also inform emerging government regulation around this technology. Organisations may not be able to eliminate all passwords immediately, but 2019 should be the year that dependency on them begins to decline, as companies look to improve processes and aim to eliminate the burden of managing them -- setting the stage for broader enablement of password-free online experiences as we head into the next decade.

Founder, Chairman and Co-Chief Investment Officer of Bridgewater Associates Ray Dalio talks to Julia La Roche in 2018 of Yahoo Finance about the value of savings and investing.

As a result, they have expect payments to be easy, convenient, flexible, secure – in some cases they even want to be rewarded for making transactions. Below, Abhijit Deb, Head of Banking & Financial Services, UK & Ireland, at Cognizant, explains the ins and outs of card payments and the threats this payment method currently faces.

Customers will not stay loyal to their card providers if the service no longer meets their needs or expectations. As a result, we are entering an age where payment industry providers either have to be the source of transformation or face disruption from competitors challenging their market share. To avoid the latter, card providers should continue to innovate, creating new capabilities and features to bring greater security, added-value services, collaboration and convenience for their clients.

The future credit card

The shift in the payments landscape over the past few years has brought a substantial evolution in the role of payment cards. This transformation has not only impacted the types of cards that companies are launching – for example, Gemalto has developed fingerprint recognition credit cards  – but has also affected card providers’ strategies and aspirations.

But how long will we keep physical cards in our wallet? Will the move to cashless lead us to ultimately become wallet-less?

Payment networks like Visa, MasterCard, Discover and American Express have built a massive infrastructure, also known as ‘payment rails’, for processing transactions globally. As purchasing trends shift online, credit and debit cards are increasingly being used more for their ‘rails’ than for the traditional plastic card we use in-stores. Thus, the battleground for card providers is how to remain the default payment option across every channel, keeping them in the top spot in a spender’s digital wallet.

Apart from the obvious revenue advantages associated with being a preferred payment choice, such as interchange fees and interest charges, card providers with ‘top of the wallet’ status also have access to a rich pool of information. By harnessing data, card companies can provide an innovative and hyper-personalised customer experience to differentiate themselves or create a new stream of revenue, as seen with companies such as Google recently purchasing Mastercard credit card data to track users’ spending.

Evolving competitor landscape

With the incursion of the concept of ‘digital cards’, card issuers and their corresponding business model are under threat, no matter what position they hold in the rank.

With the incursion of the concept of ‘digital cards’, card issuers and their corresponding business model are under threat, no matter what position they hold in the rank.

Card providers have access to increasing amounts of payment and account information, and more assertive competitors are moving quickly to commercialise the opportunities. Online players, like PayPal and Square, are already poised to take a bigger industry lead over traditional credit card issuers thanks to their established online presence.

And, as their dominance grows, we are likely to see other digital players enter the payments space. Amazon, for example, is well known for having a business plan for every industry – and it is likely payments will not be any different. Having just launched a small loans service to SMEs, it is not hard to extend the logic to where Amazon is your bank and runs your entire network by Amazon “rails”. And the same could easily be said for Apple.

We may also see social media players get involved, coupling their user data with account information to provide quick credit checks or banking services.

So, what does this mean for traditional card providers?

Firstly, it is clear that marketing strategy can no longer be centred around a piece of plastic. Marketers must challenge themselves to think about how they can propagate brand loyalty and acquire customers in this changing market. At the moment, a vast amount of customer acquisition is achieved by cross-selling to other customers with partnerships. For example, the British Airways / American Express credit card enables consumers to collect Avios points on their day-to-day transactions.

Firstly, it is clear that marketing strategy can no longer be centred around a piece of plastic.

And how do they compete on the digital landscape? Many providers are racing to position themselves as the customer’s ‘digital front door’ to take advantage of additional account information. Card providers need to act fast to stay relevant.

In the short to mid-term, credit card providers must focus on trust. Currently, thanks to consumer banking regulations, clients have the peace of mind that if a card gets stolen, they are protected. For the time being, Apple Pay and other providers are not offering the same assurances to customers yet. However, when mobile payments start offering the same guarantees, what can card providers do to stop people switching?

In the long term, card players must ensure that they do not find themselves consigned to the role of the faceless underwriter. Card providers need to think about their role in the entire financial services ecosystem and create new, innovative services that respond to customers’ needs. Many forward-looking players are looking to launch offerings such as 360-degree views and financial management advice services.

In the long term, card players must ensure that they do not find themselves consigned to the role of the faceless underwriter.

By combining machine intelligence with data, other providers are already exploring how technology can create new customer and colleague experiences that are simple, fast, transparent and engaging. For example, American Express’ personal travel assistant app, Mezi, uses AI to help cardholders pay for vacations and business trips based on their preferences. Similarly, Bank of America’s virtual AI assistant Erica is helping clients with effective money management.

Only by creating these value-added services that respond to specific consumer needs can card providers avoid complete industry disruption and stay relevant.

What are the benefits of having a third-party portfolio manager to manage one’s accounts?

Ron Medley: Whether using a third party or an in-house portfolio manager, a key benefit is having a relationship with the portfolio manager in order to have a communication channel that can provide feedback beyond just the price and the news headlines of the day. The ability to get a view into the investment decision-making process can help provide the necessary feedback to inoculate you from the emotion that only looking at price and headlines can generate. Once you have that feedback, you can achieve certainty of process and peace of mind, given the variety of possible outcomes from the market. As an example of our practice, we use volatility as a factor for investment selection. Our research has shown that the risk/reward of owning lower volatility portfolios has generated a couple percent more return for about the same risk as the market over the last couple decades. We construct portfolios that are dynamic in their ability to adapt when unexpected things happen in the market and we can also build custom variations of this approach, which are unique to each client. Generally, once clients learn about how we implement the investment process and experience owning a portfolio constructed and managed this way, emotional energy can be channeled toward much more productive areas.

Our research has shown that the risk/reward of owning lower volatility portfolios has generated a couple percent more return for about the same risk as the market over the last couple decades.

What mechanisms do you use when identifying risks and opportunities for MSAM’s clients?

Ron Medley: What’s most important here is the ‘What, Why and How’ for the client: What are your beliefs and your mission? ; Why are we doing this? ; How do we tap into the positive emotion that is driving you and help you step toward making your vision reality? We listen first. And then we work to understand how we can help provide clarity to help turn those emotions, concerns and goals into positive actions.

What sets your firm apart from other asset management companies?

Chris Pelley: There are almost one million investment advisers around the world. We all look about the same and most people aren’t entirely sure what we’re talking about or how to differentiate us. But we all have three deliverables as follows:

• Comprehensive financial planning – We pull together strategies and views tying life goals and expectations. We are also aligned with both tax and legal advice.
• Portfolio design – Working to develop custom asset allocation profile and investing the portfolio accordingly.
• Education – We encourage our clients to ‘invest their time before they invest their money’.

At MSAM, we add a special fourth dimension that is often the primary focus on enhancing our client relationships. We are very mindful about making useful ‘connections’ that can help our friends’ companies, careers, children and charities. We believe that the way people invest their time is even more important than the way they invest their money. We open doors that enhance the quality of their lives. They reciprocate for us too.

What are some of the challenges that investment advisers in the US have been facing over the past year in relation to changes in what customers expect in terms of products and services?

Ron Medley: We have an overabundance of investment products - there are as many funds as there are stocks they invest in, and this is not only because of the proliferation of funds and ETFs. There are also less companies going public. Although the value of the market as a whole has grown, the US market had almost twice as many public companies 20 years ago. More and more, it seems investment capital is chasing companies long before they are accessible in the public markets. Historically, over the last century, small companies offered a 3%+ return premium over large companies. But with less small companies being public, we have to find more ways to access quality small companies. Alternatives, as an asset class, have attracted a lot of investable assets and are projected to become 15% of the investable universe by 2025, a recent PwC study has shown. We’ve invested a lot of energy in developing ways to allocate to alternative asset classes, such as private equity for example, in order to continue to broaden our access to the investable universe for clients.

Alternatives, as an asset class, have attracted a lot of investable assets and are projected to become 15% of the investable universe by 2025,

What strategies do you implement to ensure that your clients’ goals and objectives are achieved?

Ron Medley: We’ve got a full toolbox to work with, but it’s all about the journey, not the destination. We follow a structured process that has certainty in its steps, use a variety of solutions, enabling and advocating client significance in purpose and making useful connections, and we work to focus client conversations in areas that will help them have the greatest impact. Through a culture of continual discovery, we make adjustments as necessary, given whatever changes life or markets bring.

Additionally, investing is not just about risk/return – it’s also about innovation, impact and purpose. When we have built a trusted relationship with a client, worked together to position a portfolio overall to take care of a client’s financial planning needs and move conversations toward fulfilling the client’s greatest purpose, I know we are on the right track. We are happy to play whatever small part we can in helping our clients change the world for the better, one trusted relationship at a time. And it all begins with a conversation.

What two or three things would you look for in an adviser if you were seeking one?

Ron Medley: Trust and a willingness to invest in the relationship to create it. I’d also want to know that they weren’t going to waste my time with a bunch of product features and benefits without a depth of expertise in the approach and the process. I’d also like to be in the hands of professionals who experience both the up and down sides of the market, and who prepare themselves for the uncertainties, instead of just reacting to whatever crosses their path.

Finally, I’d like to know that we could learn from one another and make each other better. We’re only as good as the quality of the team we surround ourselves with.

Ron Medley has a passion for building custom investment portfolios - he works with advisers and clients to build, manage, protect and transfer wealth. As the President of Moloney Securities Asset Management (MSAM), Ron leads a team of over 50 independent advisers who provide wealth management services to clients primarily in the US, with some international exposure. Ron joined the Moloney Securities family of companies in 1999, after working for a mutual fund company and an insurance company in the 1990s

MSAM is a registered investment adviser, affiliated with Moloney Securities Company, Inc., a broker/dealer. Headquartered in St. Louis, MO, MSAM has a correspondent relationship with the Royal Bank of Canada (RBC) and has advisers across the US operating as MSAM or affiliated entities.

Chris Pelley, Managing Director of the Pelley Group, has been in the financial services industry for over 30 years and has a passion for helping investors make better decisions. He’s spent over 11 years working abroad for world-class financial institutions including Shearson Lehman Hutton where he specialised in retirement planning for corporate executives in NYC. In 1994, Chris founded Capital Investment Management Company (CIMCO), with the goal of offering clients independent investment advice. In 2014, he joined RBC Wealth Management and chose to affiliate with MSAM as an independent adviser in 2016.

For more information, please visit: https://www.msam.net/ and https://pelleygroup.com/

A decade after the global recession, the world’s economy is vulnerable again. Ryan Avent, our economics columnist, considers how the next recession might happen—and what governments can do about it.

Widespread confusion about cancer symptoms among employees could be leading to delayed diagnoses and irregular self-examinations according to new research by Bupa UK.

One in two people in the UK will be diagnosed with cancer in their lifetime, however 53% of employees in the financial services sector are confused about what to check for when it comes to common cancers such as skin, bowel or lung.

The study found over half (56%) also say it is hard to remember the warning signs or physical changes they should look for. As a result, a third (32%) of employees have never checked themselves.

This confusion is one of the significant factors that could delay diagnosis. One in five (19%) employees said they have delayed seeking medical advice about a symptom as they “didn’t realise what to look for”. But for a fifth of these people (4%), this symptom was later diagnosed as cancerous.

Additionally, a third (35%) of those across the financial services sector would worry about taking time off from work to have a symptom checked.

Being able to recognise if something is wrong is important for improving survival rates, which is why Bupa has created a simple Cancer Check-CUP guide, which can be incorporated into health and wellbeing guidance for employees.

If someone experiences all three signs they should get medical advice.

Change:

Is something about your body different or unusual? Is something new, or does something feel ‘wrong’ to you? Trust yourself to know what is right and wrong and seek help.

Unexplained:

Can you pinpoint why something has changed, why you are feeling physically unwell? If not, it is worth further investigation.

Persistent:

Have you been experiencing this or feeling unwell for longer than two weeks? Watch out for the symptoms that you can’t shake off.

Creating a culture where people feel comfortable discussing health challenges at work can help ensure that employees receive the support they need, but the research also highlights that for nearly half (46%), cancer isn’t talked about in their workplace.

(Source: Bupa)

In the last few years we have seen the frequency and severity of third-party cyberattacks against global financial institutions continue to increase. According to Tom Turner, CEO at BitSight, there is a growing need for more effective risk management firms in the financial services sector.

One of the biggest reported attacks against financial organisations occurred in early 2016, when $81 million was taken from accounts at Bangladesh Bank. Unknown hackers used SWIFT credentials of Bangladesh Central Bank employees to send more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of the Bangladesh Bank's funds to bank accounts in the Philippines, Sri Lanka and other parts of Asia. The Bangladesh Bank managed to halt $850 million in other transactions, and a typo made by the hackers raised suspicions that prevented them from stealing the full $1 billion they were after.

Landscape

The Financial Conduct Authority (FCA) reported 69 attacks in 2017 compared to 38 reported in 2016, a rise of more than 80% in the last year. We saw two main trends last year. First, there was a continuation of cyberattacks targeting systems running SWIFT — a fundamental part of the world’s financial ecosystem. Because SWIFT software is unified and used by almost all the major players in the financial market, attackers were able to use malware to manipulate applications responsible for cross-border transactions, making it possible to withdraw money from any financial organisation in the world. Victims of these attacks included several banks in more than 10 countries around the world. Second, we saw the range of financial organisations that cybercriminals have been trying to penetrate expand significantly. Different cybercriminal groups attacked bank infrastructure, e-money systems, cryptocurrency exchanges and capital management funds. Their main goal was to withdraw very large sums of money.

With the evolving risk landscape and the challenges of new potential risks including third party risks, companies within financial services need a set of management procedures and a framework for identifying, assessing and mitigating the risks these challenges present. Effective risk management offers sound judgement in making decisions about what is the appropriate resource allocation to minimise and mitigate risk exposure.

Risk management lifecycle

The basic principle of a risk management lifecycle is to mitigate risk, transfer risk and accept/monitor risk. This involves identification, assessment, treatment, monitoring and reporting.

In order to mitigate risk, an organisation must measure cyber risk performance and incentivise critical third-party vendors to address security issues through vendor collaboration.

In terms of identification, you can’t manage your risks if you don’t know what they are, or if they exist. The first step is to uncover the risks and define them in a detailed, structured format. You need to identify the potential events that would most influence your ability to achieve your objectives, then define them and assign ownership.

Once the risks are identified they need to be examined in terms of likelihood and impact, also known as assessment. It is important to assess the probability of a risk, and its consequences. This will help identify which risks are priorities and require the most attention. You need to have some way of comparing risks relative to each other and deciding which are acceptable and which require further management. In this way you establish your organisation’s risk appetite.

To transfer risk, an organisation is advised to influence vendors to purchase cyber insurance to transfer risk in the event of a cyber event.

Once the risk has been assessed, an approach for treatment of each risk must now be defined. After assessment, some risks may require no action, to only be continuously monitored, but those that are seen as not acceptable will require an action or mitigation plan to prevent, reduce, or transfer that risk.

To accept and monitor risk, the organisation must understand potential security gaps and may need to accept certain risks due to business drivers or resource scarcity.

Once the risk is identified, assessed and a treatment process defined, it must be continuously monitored. Risk is evolutionary and can always change. The review process is essential for proactive risk management.

Reporting at each stage is a core part of driving decision-making in effective risk management. Therefore, the reporting framework should be defined at an early point in the risk management process, by focusing on report content, format and frequency of production.

Managing with risk transfer

Risk transfer is a strategy that enterprises are considering more and more. It mitigates potential risks and complies with cyber security standards. As cybercrime rises, an insurer’s view of cybersecurity has changed from being a pure IT risk to one that requires board-level attention. Insurance is now viewed as fundamental in offsetting the effects of a cyberattack on a financial institution. However, insurers will want to know that appropriate and audited measures are in place to prevent an attack in the first place and respond correctly when cybersecurity does fail. An organisation’s risk management responsibility now extends down the supply chain and insurers will want to know the organisation’s strategies to monitor and mitigate third party vendor risk.

Simplifying risk management and the transfer of risk can also be accomplished by measuring your organisation’s security rating. This is a similar approach to credit ratings for calculating risk. Ratings provide insight into the security posture of third parties as well as your own organisation. The measurement of ratings offers cost saving, transparency, validation and governance to organisations willing to undertake this model.

The benefits of security ratings will be as critical as credit ratings and other factors considered in business partnership decisions in the very near future. The ratings model within risk management can help organisations collaborate and have productive data-driven conversations with regards to risk and security, where they may not have been able to previously.

Long term potential

This year we will see a continuation of third-party cyberattacks targeting systems running SWIFT, allowing attackers to use malware in financial institutions to manipulate applications responsible for cross-border transactions across the world. Banks generally have more robust cyber defences than other sectors, because of the sensitive nature of their industry and to meet regulatory requirements. However, once breached, financial services organisations’ greatest fear is copycat attacks. This is where an effective risk management strategy can enable better cost management and risk visibility related to business operational activities. This leads to better management of market place, competitive and economic conditions, and increases leverage and consolidation of different risk management functions.

A study from Dun & Bradstreet recently revealed that while finance leaders remain tasked with business profitability, their remit has expanded to include the sharing of data across the organisation and management of risk.

The Risk Revolution found the top challenge for finance leaders today is monitoring risks within a business’ customer, supplier, or partner base (38%). The second biggest concern for finance leaders was found to be forecasting or predicting risk, while the third was growing profitability.

When it comes to managing risk, data is an invaluable insight for businesses. However, according to the study, 60% of finance leaders said that their data currently exists in organisational silos, with over half reporting difficulty sharing, linking and using data to drive their risk management strategies and are unable therefore to effectively harness the data to mitigate and manage business risk.

Commenting on the report, Tim Vine, Head of European Trade Credit at Dun & Bradstreet said: “A changing business environment, coupled with political and economic uncertainty, is making it increasingly challenging for finance leaders to manage risk effectively. Data-driven tools can uncover valuable insights to inform strategic decisions and drive business performance, but our report shows that adoption of these tools is still relatively low. Finance leaders who are able to leverage data can help their organisation navigate uncertainties in the market, manage risks and grow profitability.”

(Source: Dun & Bradstreet)

You’ve seen a lot of content, articles, warning and advice on cybersecurity, with hundreds of firms trying to sell you next level cyber protection. So, before you do anything else, you need to know what exactly it is you’re protecting yourself against. Below Suid Adeyanju, Managing Director of RiverSafe, lists 10 threats you need to be aware of.

In early July IBM Security and the Ponemon Institute released a new report titled ‘Cost of a Data Breach Study’. In this study it was reported that that the global average cost of a data breach and the average cost for lost or stolen information both increased. The former is up 6.4% to £2.94 million while the latter increased by 4.8% year over year to $112.57. This shows that cyberattacks on enterprises continue to rise. In particular over the last two years there has been a continual stream of concerning data security breaches.

One of the ways that organisations can defend against attacks is to ensure staff understand and are educated about the cyber threat landscape.

Understanding Threats to your Business

Getting the right technology, services, and security professionals is only a part of tackling the cyber security problem. It is also important that companies get a clear understanding of the cyber threat landscape. This means knowing where these types of attacks can come from and in turn, who is leading the attack (whether it be an individual or group). Often, knowing the answer to these types of questions leads to an understanding of the motive and makes countering the attacks easier. So, in this article, I wanted to highlight the areas of the cyber threat landscape that enterprises should be aware of.

1. Nation State: This kind of hacking is often government versus government. It is often functionally indistinguishable from cyber terrorism, but the defining trait is that the attack is officially sanctioned by a country’s government. These attacks can involve not only hacking but the use of more traditional spying as well.
2. Insider Threat: This is one area where many businesses least expect a threat to come from: inside the business itself. A reportfrom A10 Networks revealed that employee negligence is a major cause of cyber attacks. Employees unknowingly allowing hackers into the business through unauthorised apps. And, on the very rare occasion, a disgruntled employee could try and bring the business down in revenge, so it is always important to investigate who could have access because there is every chance that the threat could come from the inside.
3. Individual Attackers: When you think of the stereotypical hacker most thoughts turn to a hooded youth sitting alone in their room. This is the individual attacker and their motives are often more one of curiosity and learning. They want to see if they can hack a system rather than attempt anything malicious. This is the most neutral cyber threat.
4. Industrial Espionage: Sometimes an unrelated group and other times a rival business, cyber threats that deal with industrial espionage have the motive of creating problems for your business. The most common reason for industrial espionage is to discover the secrets of a rival business, often through spying. However, it could also involve destroying valuable data or, with some IoT devices, physically breaking the technology. Anything that can push a business over a competitor.
5. Cybercriminals: Much like the individual attackers, cybercriminals are an all-encompassing cyber threat. Almost all hackers are criminals in some way and the motives can vary from demanding money, to setting up crypto-mining, to damaging company property. Whatever they do it won’t be a good thing.
6. Phishing and Ransomware: These are some of the most common types of attacks you’ll find cyber criminals performing. These attacks are motivated purely by financials and exist to either scam a business out of money or hold valuable company data at ransom. Sometimes this can be a distraction to hide something more nefarious. Therefore, organisations need to make sure they are prepared for any escalation.
7. Ethical Hackers: An ethical hacker is the opposite of a cybercriminal, as the term ‘ethical’ implies. These types of threats are often undertaken for the sake of a company, and often have been paid for by the business to see if it can hack into its own servers. These hackers test the security resilience of a business and locate areas that are vulnerable, before an ‘unethical’ hacker comes along.
8. Hacktivists: A hacktivist is a sub-set of cybercriminals whose motives are more ideological. As the name references, a hacktivist is essentially a cyber activist. They are using hacking purely to push an agenda, whether political, religious, or otherwise, rather than a financial motive. A hacktivist attack can be something as simple as changing the text on a company website to a more nefarious act that interferes with the day to day running of the business.
9. Cyber Terrorism: While hacktivists don’t always cause damage, a cyber-terrorist will. Just like real terrorism, cyber terrorism exists to bring terror to your business, country and customers. Examples include the attacks on the NHSlast year which aimed to bring systems down in hospitals and cause chaos and fear.

By understanding all the different types of attacks in the cyber threat landscape it can help you build your cyber defence by identifying a motive and being able to trace what kind of opponent your business is facing, as well as if this is an attack aimed primarily at an individual, an organisation or a national-level threat where the solution would be to work with other companies to stop the attack as a team.