Banking and Finance Law Daily
Tuesday, April 10, 2018

FFIEC outlines role of cyber insurance in risk management programs

By Andrew A. Turner, J.D.

Seeking to aid financial institutions in considering the use of cyber insurance as a component of their risk management programs, the Federal Financial Institutions Examination Council has provided a list of management considerations to help assess benefits and costs. The FFIEC joint statement says these may include:

  • involving multiple stakeholders in the cyber insurance decision;
  • performing proper due diligence to understand available cyber insurance coverage; and
  • evaluating cyber insurance in the annual insurance review and budgeting process.

Although the FFIEC members do not require financial institutions to maintain cyber insurance, increasing threats and an evolving cyber insurance marketplace may prompt financial institutions to consider cyber insurance as part of their risk management programs. Cyber insurance could offset financial losses from data breaches that may not be covered by more traditional insurance policies.

If management is considering cyber insurance, the FFIEC says an informed risk management decision requires a review of the scope of coverage to identify gaps and costs for cyber events. Cyber insurance should be viewed as "a component of a broader risk management strategy that includes identifying, measuring, mitigating, and monitoring cyber risk exposure," according to the FFIEC.
