What the form is
The CY 00 11, titled Financial Institutions Information Security Protection Cyber Policy, was a specific insurance policy form developed by the Insurance Services Office (ISO). Its primary purpose was to offer dedicated cyber liability and information security protection coverage tailored to the unique risks faced by financial institutions. This form has since been withdrawn by ISO.
Classes of business it applies to
This policy was specifically designed for various types of financial institutions. While the form itself is withdrawn, the types of entities it would have covered include, but were not limited to:
- Banks
- Savings institutions
- Securities brokers and dealers
- Insurance companies
- Finance companies
- Credit unions
- Mortgage bankers
For example, a regional bank concerned about data breaches of customer financial information or a credit union looking to protect against online fraud and security failures would have been a typical candidate for this type of policy.
Special considerations
A crucial consideration is that form CY 00 11 has been withdrawn. Its coverages were consolidated into the broader Information Security Protection Cyber Policy, CY 00 03, with the 11 21 edition. This was part of ISO's initiative to streamline its commercial cyber insurance product line. Therefore, this form should not be used for new or renewing policies. Certain endorsements were specifically designed for use with CY 00 11, such as CY 20 07 (Exclusion – Regulatory Agency) and CY 20 14 (Computer Fraud). As of late 2022, while withdrawn in most jurisdictions, it was noted as potentially still being technically available in California, Florida, and the Virgin Islands, pending full replacement by CY 00 03 11 21.
Key information for agents and underwriters
Agents and underwriters must be aware that CY 00 11 is an outdated and withdrawn form. Any new cyber coverage for financial institutions should be written on current ISO forms, such as CY 00 03 11 21, or on proprietary insurer forms. When reviewing historical cyber coverage for a financial institution that may have been written on a CY 00 11, underwriters should understand its specific focus on financial industry risks to properly assess any gaps or changes when transitioning to a newer form. The incorporation into CY 00 03 aimed to provide a more comprehensive and streamlined approach to cyber coverage, including for financial institutions. Understanding the evolution from specialized forms like CY 00 11 to broader forms like CY 00 03 is key for advising clients on the most current and appropriate cyber risk solutions.