Markets Wired

FIL-16-2018
April 10, 2018

FFIEC Issues Joint Statement: Cyber Insurance and Its Potential Role in Risk Management Programs

Printable Format:

FIL-16-2018 – PDF (PDF Help)

Summary:

The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached statement addressing factors to consider regarding cyber insurance.

Statement of Applicability to Institutions with Total Assets under $1 billion: This Financial Institution Letter applies to all FDIC-supervised institutions.

Highlights:

• FDIC-supervised institutions are not required to maintain cyber insurance. Cyber insurance could offset financial losses from a variety of exposures—including data breaches resulting in the loss of confidential information—that may not be covered by more traditional insurance policies.
• Traditional general liability insurance policies may not provide effective coverage for all potential exposures caused by cyber events.
• Cyber insurance does not replace a sound and effective risk management program.
• This statement does not contain any new regulatory expectations. It is intended to provide awareness of the potential role of cyber insurance in financial institutions’ risk management programs.
• An electronic version of the joint statement, as well as an FFIEC press release, is available at http://www.ffiec.gov/press.htm.