State and federal banking regulators have put their primary focus on cyber security, which include cyber insurance both as a risk management strategy and for purposes of demonstrating regulatory compliance. Financial institutions should review their cyber insurance security policies carefully to ensure that the scope, limits, and sub limits of the coverage are appropriate to their needs.
The amounts of insurance in place for cyber liability concerns should be commensurate with the level of risk involved with the bank’s daily operations as well as the type of activities that are to be provided. Bank owners and operators should also understand that not all cyber insurance products provided, as part of Insurance for Banks, are the same since the scope of coverage can vary dramatically among products offered by the different insurance carriers available.
Banks require protection against hackers
Computer systems are susceptible to intrusions. Cyber insurance is more of a concept rather than a product, so it’s unclear what criteria regulators will use to evaluate a bank’s cyber insurance, particularly in light of the rapidly changing insurance market where cyber issues are prevalent. At the very least, banks should be aware that their traditional insurance, such as commercial general liability and D&O, will most certainly exclude coverage for privacy breaches.
Some coverage may be found in a bank’s financial institution bond or E&O policies, but at best it will be insufficient for the costs associated with any loss of personal and confidential information. In addition, most banks have by now purchased some form of stand-alone specialty cyber product, and regulators likely will deem that, moving forward, this is now a necessity.
However, there currently is no such thing as a “standard” specialty cyber policy, so it is unclear whether regulators will deem the mere purchase of a cyber policy as sufficient to meet their standards. Banks are heavily dependent on the trust of their customers, shareholders, creditors, and government agencies. Therefore, banks should consider evaluating at least three variables that impact the amount of Insurance for Banks (that deals with cyber insurance issues) that they are carrying. These are the risks insured, the losses insured, and limits and sub limits.