Payment processors may not often make headlines, but they have quietly become some of the most critical infrastructure in today’s digital economy. Their position at the heart of global commerce also makes them a high-value target for cybercriminals – and a complex challenge for insurers.
Speaking with Insurance Business, James Bullock-Webster (pictured), director and head of tech, media & cyber at New Dawn Risk, described processors as “ruling the world” of digital payments. Their value, he explained, lies in the sheer volume of sensitive data and financial transactions they manage daily.
“From a bad actor’s perspective, there’s something of a gold mine,” he said. “If you can disrupt them, if you can extract money out of them, they are a high-value target. That’s led to a number of different instances across sectors – from healthcare billing experts to banks processing cash.”
While the threat vectors may evolve, the core risks facing payment processors remain consistent: ransomware, data breaches, phishing and social engineering attacks, and operational disruption from cloud or third-party failures.
Bullock-Webster pointed out that the fundamentals have not changed so much as the tactics.
“It’s morphed from people putting on ski masks and walking into a bank with a shotgun to trying to figure out the digital vulnerabilities of payment processors,” he noted. “Nothing’s really changed – it’s just the way in which they go about it.”
That evolution has pushed insurers to be cautious. Covering payment processors involves not just cyber exposures but also the possibility of direct financial losses if cash or billing systems are compromised.
“Insurers have traditionally been quite cautious around underwriting payment processors,” Bullock-Webster said. “But it’s not impossible.”
Another layer of risk is the dependence of processors on third-party vendors and cloud infrastructure. A disruption at a major cloud provider, for example, could ripple across multiple payment platforms simultaneously, creating systemic exposures that resemble natural catastrophe events.
This interconnectedness amplifies the stakes for insurers, who must weigh not just individual company risk but the potential for accumulation across portfolios.
Payment processing also sits within the broader fintech ecosystem, where innovation is relentless. From mobile wallets to embedded finance, new entrants and technologies emerge constantly, testing the limits of traditional risk models.
Bullock-Webster acknowledged that keeping up is difficult, but not impossible. “I think insurers are certainly trying to,” he said. “From the Lloyd’s of London perspective, there are some really good specialist teams providing fintech products for the emerging technology space.”
Many Lloyd’s syndicates have invested in dedicated underwriting teams, leveraging technology and external expertise to track the threat environment more closely. Continuous evaluation, Bullock-Webster argued, is essential to ensure that coverage remains viable in the face of rapid technological change.
“Insurers absolutely have to keep pace,” he added. “If they don’t, then clients and brokers will go elsewhere.”
For brokers, the challenge is not just placing coverage but helping clients understand a complex risk chain that most businesses take for granted. Payment processors may operate in the background, but when they go down, the impact can be immediate and severe.
Bullock-Webster has previously described brokers as “interpreters” in technical domains like artificial intelligence, where insurers and clients often struggle to speak the same language. That same role, he suggested, applies here. By bridging the gap between fintech specialists, insurers, and businesses that rely on payment systems, brokers can help translate highly technical risks into practical coverage strategies.
Specialist underwriting teams also play a role in strengthening that translation process. As Bullock-Webster noted, their presence “gives clients confidence as well that they’re being underwritten by people who understand them, speak their language, [and] have a better understanding of the real intricacies of their business.”
When brokers and specialists align, clients gain both clarity and assurance that their coverage is tailored to the risks that matter most.
This involves not only explaining the direct exposures, such as ransomware or data theft, but also the systemic risks tied to third-party failures. By mapping out those dependencies and clarifying how they flow through a client’s operations, brokers can position themselves as strategic advisors rather than simply intermediaries.
Ultimately, underwriting the sector is not about eliminating risk but about striking a balance between caution and innovation. Payment processors may be indispensable to commerce, but their vulnerabilities – from ransomware to systemic outages – demand careful explanation and tailored solutions.
“These are very high-value targets,” Bullock-Webster said. “That’s why insurers tread carefully – but they can’t afford to ignore them.”
