Pub. 13 2018-2019 Issue 1

NEBRASKA BANKERS ASSOCIATION 19 EVALUATING CYBER INSURANCE TO MANAGE BANK RISK Russ Horn, CISA, CISSP, CRISC, CoNetrix TECH TALK O NAPRIL10, 2018, THE FEDERAL FINANCIAL INSTITUTIONS Examination Council (FFIEC) issued a joint statement to provide awareness of the potential role of cyber insurance in financial institutions’ risk management programs. While the FFIEC’s statement noted that cyber insurance is not required by the agencies, it acknowledges the right insurance can be a valuable control to offset financial loss resulting from cyber incident. In the past, many companies have elected not to include cyber insurance in their overall insurance coverage citing cost, confusion, and lack of perceived need as reasons. However, as cyber incidents increase in frequency and se- verity, and as cyber insurance programs grow in maturity, acceptance of cyber insurance is becoming amore appealing risk management control. What Is Cyber Insurance? Cyber insurance is designed to mitigate losses from a data breach involving sensitive customer information; how- ever, some coveragemay also include other cybercrime such as business interruptions or network damage. Cyber insur- ance varies greatly in coverage and enrollment. Policies can be offered on a standalone basis and they are also offered as additional coverage endorsements to existing insurance policies, such as general liability, errors and omissions, business interruptions, or directors’ and officers’ policies. Tech Talk — continued on page 20