Skip to main content
OCC Flag

An official website of the United States government

OCC Bulletin 2018-8 | April 11, 2018

Cyber Insurance: FFIEC Joint Statement on Cyber Insurance and Its Potential Role in Risk Management Programs


Chief Executive Officers of All National Banks, Federal Branches and Agencies, and Federal Savings Associations; Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties


The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members,1 has issued a joint statement that discusses considerations for financial institutions contemplating the purchase of cyber insurance as a component of their risk management programs.

Note for Community Banks

The joint statement applies to all institutions supervised by the Office of the Comptroller of the Currency.


Although the FFIEC members do not require financial institutions to maintain cyber insurance, the evolving cyber insurance market and the shifting cyber threat landscape may prompt institutions to consider whether cyber insurance would be an effective part of their overall risk management programs. The joint statement notes that

  • cyber attacks are increasing in volume and sophistication and that traditional general liability coverage insurance policies may not provide effective coverage for potential exposures caused by cyber events
  • cyber insurance may help reduce financial losses from a variety of exposures, such as data breaches resulting in the loss of sensitive customer information.
  • cyber insurance does not diminish the importance of a sound control environment; rather, cyber insurance may be a component of a broader risk management strategy.

For further information on overall insurance management expectations, institutions can refer to the "Corporate and Risk Governance" booklet of the Comptroller's Handbook, in the section titled "Ensure an Appropriate Insurance Program."

Further Information

Please contact Kevin Greenfield, Director of Bank Information Technology, at (202) 649-6550.


Bethany A. Dugan
Deputy Comptroller for Operational Risk

Related Link

1 The FFIEC comprises the principals of the following: The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, and State Liaison Committee.