Client Alert: Cybersecurity Risks Impact Trusted Relationships
A bank’s relationship with its customers is fundamentally built upon trust. Nothing threatens to undermine that trust more than a data breach incident. Data breaches and other cybersecurity events have become commonplace news stories, and regulatory agencies are now reacting with special examinations, policy guidance, enforcement actions and heightened expectations for banks. Protection of your customers’ sensitive financial information must be a key priority that is proactively addressed by your board of directors and senior management through a strong governance model and a robust customer-focused response protocol.
Cybersecurity Governance Model
A strong cybersecurity risk governance model for your bank should include:
- The development of a written strategic plan.
- A comprehensive policy and procedure infrastructure.
- An engaged Board that receives presentations concerning the practical and fiduciary risks involved.
- The assignment of appropriate duties and responsibilities for implementation and execution of the program among the Board, senior officers and staff.
- The establishment of a system of periodic external and internal reviews to ensure that the program continues to accurately address evolving technology and associated emerging risks.
We are assisting our clients as they develop a program that suits their specific situation.
Data Breach Response Protocol
We advise our clients to develop a substantive response protocol before any potential incident occurs. Although each breach is unique, a series of steps can be followed that will assist the bank in resolving the matter. Responding to data breach incidents involves assessing each phase of the event’s life cycle:
- Discovery of the breach or unauthorized access;
- Investigation of the cause or source of the breach;
- Identification of the affected customers;
- Advising boards and senior management about evolving cybersecurity expectations;
- Determining customer notice obligations;
- Contacting law enforcement and regulators; and
- Managing the potential legal and related consequences of the breach.
These steps should be tailored based on the type and severity of the breach or intrusion. They should also include an assessment of insurance and public relations issues as well as possible legal actions that may arise, including addressing any variance in state law requirements from federal standards. Our experienced team has assisted a number of banks in managing the fallout from these incidents, allowing banks to focus on maintaining and preserving their trusted customer relationships.
Point Of Interest
Future client alerts will discuss specific risks posed by a bank’s use of social media, the newly minted regulatory expectations and related guidance and the lessons learned from recent breaches. If you have specific questions about developing a response protocol, please contact any of the following members of our team.