bank cyber insurance cyber liability insurance banking cyber coverage bank insurance

Bank Cyber Insurance – Key Issues

Bank cyber insurance is my most requested discussion topic for my bank insurance clients. Bank cyber liability is a part of almost every conversation I have.

For twenty years, I have been providing banks with unbiased insurance advice and information. I don’t sell insurance. I don’t accept fees or commissions from insurers or insurance agents. I’m unbiased.

Insurers have built the bank cyber insurance policies to mesh with the bank bond and bankers’ management liability insurance. Exclusions and coverage limitations have been added to the standard bank insurance policies, making bank cyber insurance (AKA e-banking insurance) a necessity.

Suppose that your computer system is hacked and your private data is in the hands of the bad guys. Lawsuits will be filed based on your failure to protect customer privacy, breach of duty, and lost business opportunities.

Bank cyber liability insurance is concerned with liability claims that come from computer systems, Internet banking, and electronic commerce.

First, recall that your financial institution bond provides coverage for your loss of money due to computer theft and fraud losses. The “injuries” to third parties and subsequent legal actions triggered by computer use are the reason for bank cyber liability insurance.

As with most bank specialty insurance policies, bank cyber liability policies are unique to each insurance carrier and must be studied carefully. The following are some typical policy coverage sections and considerations.


Coverage – Cyber Liability Loss Event Protection

The basic policy includes coverage for bank cyber liability claims that arise out of any unauthorized use of, or unauthorized access to, electronic data or software within your covered electronic business systems. Coverage is also usually included for bank cyber liability claims of spreading a virus or malicious code, computer theft, extortion, or an unintentional act, mistake, error, or omission made by your employees or your subcontractors in the course of their duties for your bank.


Policy Aggregate

Most policies include a limit per claim and an aggregate limit that caps your total bank cyber liability coverage for the combination of all claims. Be aware of what coverage parts in your bank cyber liability insurance that make up the aggregate.


Coverage – Cyber Business Income Loss

If your e-banking system goes down, you may (so the theory goes) lose income or incur extra expenses in advertising. This section provides coverage for such losses. While most insurers offer this in bank insurance policies, I’m not convinced its all that valuable. Banks don’t lose money when their computers are shut down – not like a web retailer, for example.


Coverage – Intellectual Property Liability

Intellectual Property Liability insurance indemnifies the bank from the liability caused by the inappropriate use of the intellectual property of others on a Web site or e-banking facility. The coverage can include copyright infringement, theft of ideas, and trademark misuse. Note that most policies exclude patent infringement.


Coverage – Public Relations Expenses

Provides payment for the use of public relations firms and advertising to mitigate the damage to public perception should a privacy/data/or cyber breach occur. (Note: Your bank faces enormous risks for events that cause a loss of reputation. Public relations expense coverage in your e-banking liability insurance funds a relatively minor part of your overall reputation risk exposures. How’s your risk management plan?)


Privacy Breach Remediation Expenses

A hacker gets into your computer system. Private customer data is released. Your bank’s e-banking insurance will/should provide coverage for lawsuits that come from the breach. How about the expenses of informing customers of the breach and providing credit tracking services?

Review the limits of coverage you have for the expenses of mitigating a data breach in your bank computer system. Costs can include legal fees in building the letters to send to customers, the cost of printing and mailing, the cost of a call center to answer customer questions, costs of credit watch services. Even the smallest bank should have $500,000 of mitigation expense coverage.

Coverage – Cyber Extortion / Ransomware

First, look to your bond for coverage for ransomware attacks / cyber extortion. Many insurers are moving this coverage to the cyber liability policy as a separate coverage section. Be sure your insurance allows payment in cryptocurrency (most now do).

Policies Involved In Cyber Protection

Your cyber exposures are covered by a variety of policies.

–Bankers Fraud Bond (AKA The Bond or The Financial Institutions Bond)

–Cyber Liability Policy

–Management Liability Policy

–Computer Coverage (AKA Inland Marine or EDP)

–Business Property Coverage

–Equipment Coverage (AKA Machinery Coverage or Boiler & Machinery Insurance)


What Should You Do Now?

Well, take action! Let’s set up a call to talk about your bank’s insurance. I spend all day, every day working with banks helping them buy and manage insurance. Of that, I spend about 75% of my time with bankers talking about cyberbanking insurance issues. Let’s discuss your current situation and come up with a plan of action.  Most banks start with a review of insurance.  We can review your cyber issues or all your bank insurance coverage. Call me at 207-284-0085 or email