Key facts
- Two-thirds of banks insure their information security risk exposure.
- Banks rarely utilize their cyber insurance policies for claims.
- Banks are negotiating lower insurance costs.
- Banks are seeking capital offsets through insurance.

A recent study conducted by Risk.net indicates a significant trend among financial institutions regarding cyber insurance. The findings show that two-thirds of banks have opted to insure their exposure to information security risks. Despite this widespread adoption of cyber insurance policies, these banks rarely file claims against them. This suggests that while banks are investing in cyber risk mitigation through insurance, the actual incidence of events leading to claims is low, or the policies are structured in a way that makes claims infrequent.

Beyond simply acquiring insurance, banks are also actively engaged in negotiating lower costs for these policies. This indicates a desire to optimize their spending on risk management. Furthermore, institutions are seeking capital offsets through their insurance arrangements. This implies that banks are looking for ways to use their insurance policies not just for indemnification, but also as a tool to meet regulatory capital requirements or to free up capital that would otherwise be held against potential cyber threats.

The study highlights a complex relationship between banks, their cyber risk exposure, and the insurance market. While the high uptake of policies suggests a perceived need for coverage, the low claims rate raises questions about the effectiveness or necessity of such extensive coverage for actual cyber incidents. The focus on cost reduction and capital offsets points to a sophisticated financial strategy in managing cyber risk, where insurance is viewed as a component of a broader risk and capital management framework.