The Weak Spot in Banks’ Cyberinsurance
Numerous banks have been hit by cyberattacks in recent months—some of which were targeted by the same fraudsters. After $1.3 billion-asset National Bankshares was hit by two separate cyberattacks in May 2016 and January 2017, a lot of banks should be double-checking the fine print of their coverage since not all cyberinsurance policies will provide the necessary level of reimbursements.
National Bankshares filed a claim seeking to recover the millions of dollars of customers' money that was stolen. When the claim was rejected, the bank took its carrier, Everest National Insurance, to court. National Bankshares has argued that the computer and electronic crimes policy rider is applicable in their case because that is how the hackers accessed the bank's network; however, Everest said that only the policy rider for crimes used through fraudulently obtained debit cards should apply, which would limit the insurance payout to $50,000 rather than cover the full losses.
Additionally, as insurance attorney Thomas Bentz told American Banker, although cybersecurity insurance has been around for at least 20 years, it has only recently been more widely adopted by financial institutions. The sharp rise in cyberattacks on banks and other financial institutions has led more companies to purchase policies, but the institutions don't often ask the right questions to ensure they have chosen the right coverage.
"It's very common for banks to not have a cybersecurity policy, or to just get [riders] added to a general [liability] policy. But if you don't buy coverage that addresses these things head-on, you're running a lot more risk," Mr. Bentz advises.