The Federal Financial Institutions Examination Council (FFIEC) issued a statement about cyber insurance and its involvement in a financial institution’s risk management programs. Cyber insurance coverage is meant to offset financial losses due to cyber incidents, such as data breaches of customers’ personal information. The FFIEC states that cyber insurance is not an agency requirement, but that financial institutions should analyze whether cyber insurance should be a component of its risk management programs. The FFIEC also includes a list of considerations that financial institutions should weigh when analyzing whether cyber insurance should be included in its risk management programs.
Click here for the full FFIEC statement and additional resources.