FFIEC Members Issue Joint Statement to Financial Institutions on Role of Cyber Insurance as Risk Management Tool

Robinson+Cole Data Privacy + Security Insider

On April 10, the Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement discussing cyber insurance and its potential role in the risk management programs of financial institutions. Members of the FFIEC include the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee.

Cyber insurance covers losses related to cyber-attacks and data breaches and may include coverage for customer notification, event management, business interruption, cyber extortion, and claims made by financial institutions’ customers, partners, or vendors as a result of cyber incidents. Traditional general liability or basic business interruption insurance coverage may only partially cover cyber risk exposures or may not cover them at all.

The FFIEC does not currently require financial institutions to maintain cyber insurance. However, the joint statement cites the increasing number and sophistication of cyber-attacks faced by financial institutions and suggests that cyber insurance should be evaluated as an effective addition to an institution’s risk management strategy. The joint statement emphasizes that “cyber insurance does not remove the need for a sound control environment. Rather, cyber insurance may be a component of a broader risk management strategy that includes identifying, measuring, mitigating, and monitoring cyber risk exposure.”

The FFIEC recommends that financial institutions considering cyber insurance do the following:

  • Involve multiple stakeholders, such as legal, enterprise and operational risk management, finance, information technology, and information security management, in the cyber insurance decision.
  • Perform proper due diligence to understand cyber insurance coverage, triggers, exclusions, and limits.
  • Evaluate cyber insurance in the annual insurance review and budgeting process.

The full FFIEC joint statement is available here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
