ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Cybersecurity

Understanding Coverage Options for Cyber Threats

May 11, 2018
Reading Time: 3 mins read
ADVERTISEMENT

By Lorelie S. Masters, Syed S. Ahmad and Patrick M. McDermott

As the news about cyber breaches continues to show, businesses cannot rely on prevention strategies alone to protect themselves from cyber incidents. Nor are banks immune. For example, in 2016, the bank subsidiary of a major British retailer reported a hack that resulted in a $3 million loss. All companies must consider how they will respond once their systems are breached.

As recognized in a recent Federal Financial Institutions Examination Council statement, cyber insurance is one aspect of that response to contemplate. According to one study, the average cost per stolen record in the financial services industry was $336. The FFIEC statement points out that risks include “financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service.”

While non-cyber insurance policies like general liability, directors and officers and errors and omissions policies may provide coverage, those policies increasingly include provisions that attempt to specifically exclude coverage for liabilities arising out of cyber incidents. Thus, cyber insurance is a potentially critical component of a cyber breach response plan.

Cyber insurance policies can cover a wide range of losses and expenses associated with cyber incidents. For example, coverage may include the cost of forensic analysis to determine extent of damage, crisis response costs such as public relations efforts and legal advice, business losses such as lost income and lost digital assets, ransom payments made to unlock files encrypted by hackers, physical damage to hardware and repair costs. Cyber insurance policies may also cover expenses related to incidents that compromise personally identifiable information of customers, which can include costs related to notifying affected third parties, providing credit and identity monitoring, providing call centers for customer service and updates, providing identity restoration services, and replacing credit cards or other products. These costs may also include those associated with any lawsuits filed against the company related to the cyber breach.

ABA Insurance Services is endorsed by the American Bankers Association for cyber and privacy liability coverage. Learn more.
Because cyber coverages are not uniform and cyber risks continue to develop, companies should carefully consider their options when obtaining cyber insurance. For example, financial institutions are a primary target of social engineering attacks, which are on the rise. One insurer reported a nine-fold increase in social engineering attacks in 2017 as compared to 2016. Those attacks often involve a fraudster posing as another person in order to induce a fraudulent payment and can be very sophisticated. Coverage for losses related to social engineering schemes can turn on just one word in an insurance policy, and even then can be subject to special limits that are inadequate to cover the potentially large losses.

As another example, the financial services industry’s increasing use of distributed ledger technologies such as blockchain may pose potentially unique issues for insurance coverage. For instance, a cyber insurance policy may cover losses relating to a breach of computer systems, which specifically includes cloud computing and other hosted resources operated by a third-party service provider. It is not clear whether the insurer would consider blockchain technology to fall within this definition given that blockchains are peer-to-peer networks that are not necessarily operated by a third party.
Credit card company assessments and penalties, including those related to the PCI Data Security Standards, are another area for banks to carefully consider when obtaining cyber insurance. While standard cyber coverages may exclude coverage for contractual payments and for fines and penalties, that coverage may be available if requested.

Cyber insurance policies should also be reviewed to ensure that they will respond appropriately in light of new regulatory requirements seeking to protect against systemic risk and disclosure of individuals’ personal data. For example, the New York State Department of Financial Services has implemented a new regulatory scheme that imposes new requirements on banks, financial institutions and companies that sell insurance and insurance services if they operate in New York. One requirement is that covered entities must implement an overall cybersecurity program and notify NYDFS of any “cybersecurity event.” Companies operating in the European Union should carefully consider their options in this respect, given the large fines they may face under the General Data Protection Regulation, which takes effect on May 25, 2018.

The never-ending revelations of cyber breaches mean that the question for most banks is not if but when. Response plans are critical components of an overall cyber strategy, and cyber insurance is one important aspect of a response plan. When obtaining cyber insurance, banks should carefully consider the varying coverages and risks. As the FFIEC statement highlighted, engaging “outside advisors, such as attorneys and brokers” when purchasing cyber insurance can assist companies through that process.

Lorelie S. Masters and Syed S. Ahmad are partners, and Patrick M. McDermott is an associate, at Hunton Andrews Kurth LLP.

Tags: Cyber crimeCybersecurityData breachesRisk management
ShareTweetPin

Related Posts

Using Artificial Intelligence to Make Sense of Mountains of Data

Three myths about AI in banking

Technology
July 3, 2025

Common myths and misperceptions might confuse about what to expect and misdirect investment and efforts.

Banking forward: What is top of mind for 2025? 

ABA survey: Most banks likely to stick with current core provider

Newsbytes
July 2, 2025

While 69% of bankers are "extremely" or "somewhat likely" to remain with their current core provider at the next renewal, when they do pursue core conversions, the primary reason is poor customer service, according to ABA's survey results.

BIS: Stablecoins fail as ‘sound money’

BIS: Stablecoins fail as ‘sound money’

Compliance and Risk
June 27, 2025

Stablecoins as a form of sound money fall short, and without regulation pose a risk to financial stability and monetary sovereignty, according to a recent report by the Bank for International Settlements.

OCC seeks comment on digitalization challenges for community banks

ABA offers recommendations to boost community bank digitalization

Community Banking
June 26, 2025

The OCC should proactively support responsible community bank digitalization through transparency, information sharing and meaningful dialogue with stakeholders, ABA said.

Fannie, Freddie directed to consider allowing cryptocurrency for mortgages

Fannie, Freddie directed to consider allowing cryptocurrency for mortgages

Mortgage
June 26, 2025

Federal Housing Finance Agency Director Bill Pulte directed Fannie Mae and Freddie Mac to prepare proposals to allow cryptocurrency to count as an asset for a mortgage.

Fed’s Waller: FedNow grows to nearly 1,000 institutions

FedNow adds risk mitigation feature, boosts transaction limit

Newsbytes
June 25, 2025

The FedNow instant payments service this week announced it has launched a new account activity threshold feature and raised its transaction limit from $500,000 to $1 million.

NEWSBYTES

U.S. Bank survey: Small-business owners focus on succession planning

July 6, 2025

FDIC report: 97% of supervised institutions rated satisfactory or better for consumer compliance

July 6, 2025

Updated: President signs ‘big beautiful bill’ including numerous ABA-backed provisions

July 3, 2025

SPONSORED CONTENT

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

July 1, 2025
AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025

PODCASTS

Podcast: Inside ABA’s new Treasury Check Verification System API

June 25, 2025

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.