On April 10, 2018, the United States Federal Financial Institutions Examination Council (“FFIEC”) issued guidance for financial institutions considering the purchase of cyber insurance to help manage cyber risks. The guidance is helpful for Canadian financial institutions and organizations in other industries.
Cyber Risks
Cyber risks are risks of harm (e.g. business disruption loss, financial loss, reputational harm, trade secret disclosure and other competitive harm) and costs/liabilities (e.g. incident response and remediation costs, litigation/regulatory proceeding costs, and liabilities to stakeholders, business partners, customers and regulators) suffered or incurred by an organization as a result of a failure or breach of the information technology systems used by or on behalf of the organization or its business partners (e.g. suppliers and service providers), including incidents involving unauthorized access, use, disclosure, modification or deletion of data in the organization’s possession or control. Cyber risks can result from internal sources (e.g. employees, contract workers and system failures) or external sources (e.g. nation-states, terrorists, competitors,…
