April 10, 2018
FFIEC Issues Joint Statement: Cyber Insurance and Its Potential Role in Risk Management Programs
The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached statement addressing factors to consider regarding cyber insurance.
Statement of Applicability to Institutions with Total Assets under $1 billion: This Financial Institution Letter applies to all FDIC-supervised institutions.
- FDIC-supervised institutions are not required to maintain cyber insurance. Cyber insurance could offset financial losses from a variety of exposures—including data breaches resulting in the loss of confidential information—that may not be covered by more traditional insurance policies.
- Traditional general liability insurance policies may not provide effective coverage for all potential exposures caused by cyber events.
- Cyber insurance does not replace a sound and effective risk management program.
- This statement does not contain any new regulatory expectations. It is intended to provide awareness of the potential role of cyber insurance in financial institutions’ risk management programs.
- An electronic version of the joint statement, as well as an FFIEC press release, is available at http://www.ffiec.gov/press.htm.