Summary:
The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached statement addressing factors to consider regarding cyber insurance.
Statement of Applicability to Institutions with Total Assets under $1 billion: This Financial Institution Letter applies to all FDIC-supervised institutions.
Highlights:
- FDIC-supervised institutions are not required to maintain cyber insurance. Cyber insurance could offset financial losses from a variety of exposures—including data breaches resulting in the loss of confidential information—that may not be covered by more traditional insurance policies.
- Traditional general liability insurance policies may not provide effective coverage for all potential exposures caused by cyber events.
- Cyber insurance does not replace a sound and effective risk management program.
- This statement does not contain any new regulatory expectations. It is intended to provide awareness of the potential role of cyber insurance in financial institutions' risk management programs.
- An electronic version of the joint statement, as well as an FFIEC press release, is available at http://www.ffiec.gov/press.htm.
Suggested Distribution:
- FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
- Chief Executive Officer
- Chief Information Officer
- Chief Information Security Officer
Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).
FIL-16-2018