Making Sense of Cyber Insurance for Banks
3/13/2025

Cyber threats are shifting, and so is the insurance landscape that banks rely on to mitigate financial and operational risks. With ransomware the leading cause of cyber-related losses and overlapping insurance policies creating confusion, financial institutions benefit from carefully assessing their coverage. During a recent RMA webcast, experts discussed key strategies banks may want to consider when reviewing their cyber insurance needs.
Understand Your Biggest Cyber Risks
Ransomware remains the dominant cyber threat, accounting for 64% of cyber losses for companies with $2 billion or less in revenue, according to a 2024 Study.net analysis. Banks looking to strengthen their resilience should consider evaluating not just the likelihood of an attack, but also the potential business interruption costs and litigation risks. The longer a bank’s systems are down, the higher the financial impact—making it useful to quantify potential losses before an attack occurs.
Know What Your Policies Cover
Cyber claims don’t always fit neatly into a single insurance policy. Banks typically rely on a mix of coverage, including:
- Cyber insurance (for data breaches, ransomware, and system failures)
- Bankers professional liability insurance (for customer claims of financial harm)
- Financial institution bonds (for fraud and asset misappropriation)
Because cyber incidents may trigger claims under multiple policies provided by different companies, banks should clarify where coverage begins and ends to avoid disputes among insurers. Banks also need to understand how sub-limits and exclusions in policies covering data corruption, malware, and fraud through digital means will affect them.
Prevent Adversarial Disruptions
Barry Hensley, chief security officer at RMA corporate member Brown & Brown Insurance, recommends that banks go beyond breach prevention by adopting “adversarial disruption” strategies—layered defenses that detect and stop attacks before they escalate. Meanwhile, Jenn Zacharias, chief information security officer at Peoples Bank, advises institutions to measure cyber controls against the National Institute of Standards and Technology (NIST) framework to identify gaps and strengthen defenses.
Plan for the Insurance Market’s Next Shift
Cyber insurance rates have dropped 10% to 30% in recent years, but experts warn that this trend may not last. According to John Kerns of Brown & Brown, insurers are operating in a “compressed premium environment” that will likely shift. Banks evaluating their policies should consider how their coverage accounts for new technologies, fintech partnerships, and evolving cyber risks.
A well-structured cyber insurance strategy isn’t just about coverage—it’s about preparedness. Banks that take the time to assess their risks, clarify their policies, and strengthen their security controls will be better positioned to handle the next wave of cyber threats.