The Federal Financial Institutions Examination Council (FFIEC) is examining conditions under which financial institutions should consider using cyber insurance regarding risk management programs.
The FFIEC and the National Credit Union Administration (NCUA) have released a joint statement on the endeavor.
Officials said cyberattacks are increasing in volume and sophistication and traditional general liability insurance policies may not provide effective coverage for all potential exposures caused by cyber events.
Industry professionals said cyber insurance could offset financial losses from a variety of exposures, including data breaches resulting in the loss of confidential information, that may not be covered by more traditional insurance policies.
As with any insurance coverage, however, cyber insurance does not diminish the importance of a sound control environment. Cyber insurance may be a component of a broader risk management strategy that includes identifying, measuring, mitigating, and monitoring cyber risk exposure.
Officials recommend financial institution management assess the scope of coverage of current insurance and consider how cyber insurance may fit into the institution’s overall risk management framework.
NCUA is an independent federal agency created by Congress to regulate, charter and supervise federal credit unions. It operates and manages the National Credit Union Share Insurance Fund, insuring the deposits of account holders in all federal credit unions and the overwhelming majority of state-chartered credit unions.