Financial Institution Letters
April 10, 2018
FFIEC Issues Joint Statement: Cyber Insurance and Its Potential Role in Risk Management Programs
The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached statement addressing factors to consider regarding cyber insurance.
Statement of Applicability to Institutions with Total Assets under $1 billion: This Financial Institution Letter applies to all FDIC-supervised institutions.
- FDIC-supervised institutions are not required to maintain cyber insurance. Cyber insurance could offset financial losses from a variety of exposures—including data breaches resulting in the loss of confidential information—that may not be covered by more traditional insurance policies.
- Traditional general liability insurance policies may not provide effective coverage for all potential exposures caused by cyber events.
- Cyber insurance does not replace a sound and effective risk management program.
- This statement does not contain any new regulatory expectations. It is intended to provide awareness of the potential role of cyber insurance in financial institutions' risk management programs.
- An electronic version of the joint statement, as well as an FFIEC press release, is available at http://www.ffiec.gov/press.htm.
- FDIC-Supervised Banks (Commercial and Savings)
- Chief Executive Officer
- Chief Information Officer
- Chief Information Security Officer
- Deborah Shaw, Senior Technology Specialist, at firstname.lastname@example.org or (202) 898-3763
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's website at https://www.fdic.gov/news/news/financial/2018/.
To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html.
Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).