BID® Daily Newsletter
Feb 2, 2026

Blind Spots in Your Cyber Insurance Coverage Could Cost You

Summary: Cyber attacks cause expensive damage. While cyber insurance can help mitigate the cost, it’s not as foolproof as you hope. We discuss risks and preparedness in finalizing your cyber insurance policy.

Everyone knows what a fire extinguisher looks like, but in a real emergency, would you know how to use one? It’s not something they teach you in school, yet it’s a skill that can make or break your chances of minimizing damage and saving lives if there’s a fire. As it turns out, there’s an easy acronym to help you remember the steps. PASS stands for Pull, Aim, Squeeze, Sweep. So that’s pulling the pin from the handle, aiming the hose at the bottom of the fire, squeezing the trigger to spray, and sweeping the spray from side to side.
Similarly, you know what a cyber insurance policy is, but do you know for certain what it would cover if you made a claim? It’s not a guarantee that your community financial institution (CFI) will face a cyber attack, just like a fire isn’t something you’d assume will happen at your workplace or home. However, just as with putting out a literal fire, the aftermath of a cyber attack is not when you want to find out that your policy doesn’t cover your losses.
As it turns out, this is an all-too-common issue for CFIs that have experienced cyber attacks. Just 1% of respondents to a 2024 poll said that their cyber insurance paid all the costs incurred by a cyber attack. On average, insurance paid just 63% of those costs.
Review Your Risk
As a leader at your CFI, you’ll want to review your risk, consider your choice of insurer, and review your coverage to make sure you’re protected in the spots where you want and need protection.
For many banks, the biggest driver of a gap between cyber incident costs and insurance payout is that total losses end up higher than the policy’s limits or sub-limits. Other common factors include: certain types of costs not being covered under the policy, expenses incurred before the carrier was notified or without the carrier’s consent, or the bank not meeting the cybersecurity controls and other conditions the policy required.
The most common cyber crimes exploit human trust and weak digital controls. For companies with less than $2B in revenue, ransomware is the most likely cyber threat. It accounts for 64% of cyber losses. AI-powered social engineering that uses deepfakes and hyper-personalized phishing, as well as advanced impersonation scams, pig butchering, fraud, and traditional data breaches, are also worries for CFIs.
The longer a CFI’s systems are down in the wake of an attack, the more an attack is likely to cost in direct damage, lost work time, limited account access, and damaged customer trust.
It’s vital that CFIs pick the right insurer. Choose an insurance company that specializes in cyber coverage for financial institutions and has experience working with CFIs. The right provider should be able to advise you on aligning coverage with the scale of your CFI’s operations and risk profile, offer experience in handling claims for cyber incident damages, and match your insurance coverage to your risk management strategies.
Real CFIs That Experienced Cyber Insurance Claim Denial
In 2016 and 2017, hackers stole about $2.4MM from the National Bank of Blacksburg in Blacksburg, VA, using phishing and malware over two intrusions. During the incidents, Russia-based computers gained access to a computer at the bank that had permissions to manage customer accounts, ATM usage, and bank cards. Those capabilities were used to change customer PINs, disable fraud protections, and remove daily transaction limits.
The National Bank of Blacksburg looked for backup from its insurance carrier, Everest National Insurance, but Everest argued that the bank’s computer and electronic crime coverage policy for $8MM did not cover incidents related to bank cards. Instead, this was covered under the Debit Card Rider, which only had a $50K payout. A federal court agreed, leaving the bank without recovery under that policy.
Understand What’s Covered
After choosing the right insurance provider, you’ll need to pick the right coverage and understand not just what’s included, but where limits, exclusions, and gray areas tend to surface during a claim. Comprehensive cyber insurance coverage usually includes payments for:
  • Data breach response. May include forensic investigation, customer notification, credit monitoring, call center support, and help meeting regulatory requirements — costs that can quickly use up available limits or sub-limits, depending on the policy.
  • Business interruption. May help cover certain costs related to operational disruptions to the CFI’s systems and, in some cases, downtime at covered third-party service providers — often subject to waiting periods, conditions, and sub-limits.
  • Legal and regulatory defense. Often includes defense costs for lawsuits or regulatory investigations following a privacy or security incident, and in some cases coverage for certain fines or penalties where insurable by law and included in the policy language.
  • Fraud and extortion. Ransomware and extortion events are commonly contemplated in cyber programs, while coverage for fraudulent electronic fund transfers or social engineering-type losses may fall under separate cyber, crime, or bond coverages and can vary widely by carrier and form.
  • Third-party liability. May address certain claims from customers or other third parties arising out of a covered privacy or security event, including incidents involving some third-party service providers, subject to how the policy defines covered systems and vendors.
  • Reputation management. Some policies include support for public relations, crisis communications, and customer outreach efforts, typically under separate, lower sub-limits and for a limited time after an incident, rather than broad coverage for all reputational or franchise value loss.
Most CFIs carry a tailored mix of coverage that includes cyber insurance, professional liability insurance, and financial institution bonds, and need a clear understanding of how those policies interact when an incident spans more than one category.
With a mix of insurance types, cyber claims don’t always fit neatly under a single policy umbrella. Talk with your insurance provider(s) to clarify where coverage begins and ends, and how policy sub-limits and exclusions may apply to incidents involving data corruption, malware, and fraud through digital means.
Practice Protection
Your insurance companies will likely require that you use strategies that help prevent breaches. This is, of course, a good idea, whether an insurance company mandates it or not. Barry Hensley, chief security officer at Brown & Brown Insurance in Daytona Beach, FL, suggests that CFIs proactively adopt “adversarial disruption” strategies: layered defenses that work to nip potential cyber incursions in the bud, before they can do further harm. 
CFIs should carefully consider and understand their cyber insurance before a claim occurs. Review your risks, select your insurer, pick the right coverage, and understand what it does and doesn’t protect you against, including any overlaps. Proactively guard against cybercrime with layered strategies that disrupt cyber incursions before they can do further harm.