Key facts
- Two-thirds of banks insure their information security risk exposure.
- Banks rarely utilize their information security insurance policies.
- Banks are negotiating lower insurance costs.
- Banks are seeking capital offsets through insurance.
A recent study by Risk.net reveals that a significant majority of banks, specifically two-thirds, are actively insuring their exposure to information security risks. Despite this widespread adoption of cyber insurance, the study indicates that these policies are seldom used by banks when cyber incidents occur. This suggests that while banks are investing in cyber risk mitigation through insurance, the claims process or the nature of the covered risks may not align with their actual experiences.
Furthermore, the research highlights that banks are not only purchasing this insurance but are also engaged in strategic negotiations to lower their insurance costs. This includes seeking reduced premiums for their cyber policies. In parallel, banks are exploring avenues to utilize these insurance policies as a means to offset their capital requirements. This indicates a dual objective: managing cyber risk and optimizing financial resources.
The findings point to a complex relationship between banks, their cyber risk exposure, and the insurance market. The low utilization rate of policies could stem from various factors, including policy exclusions, high deductibles, or the specific types of cyber threats banks face. The active negotiation for lower costs and capital offsets suggests a proactive approach by financial institutions to leverage insurance not just for risk transfer but also for financial engineering.