FFIEC Issues Statement on Cyber Insurance and Potential Role in Risk Management Programs

April 12, 2018

The Federal Financial Institutions Examination Council (FFIEC) issued a statement discussing considerations for financial institutions contemplating the purchase of cyber insurance as a component of their risk management programs.

The statement applies to all institutions supervised by the Office of the Comptroller of the Currency (OCC).

Although the FFIEC does require financial institutions to maintain cyber insurance, the evolving cyber insurance market and the shifting cyber threat landscape may prompt institutions to consider whether cyber insurance would be an effective part of their overall risk management programs. The statement notes that:

  • cyberattacks are increasing in volume and sophistication and that traditional general liability coverage insurance policies may not provide effective coverage for potential exposures caused by cyber events
  • cyber insurance may help reduce financial losses from a variety of exposures, such as data breaches resulting in the loss of sensitive customer information
  • cyber insurance does not diminish the importance of a sound control environment; rather, cyber insurance may be a component of a broader risk management strategy


Contact ALTA at 202-296-3671 or [email protected].