26
www.
cbai
.com
+
Community Bankers Association of Illinois
Bank
notes
T
here have been numerous headlines regarding
cyber attacks originating from international hackers
infiltrating computer systems for money or private-
identity information. It’s a problem for every
business, not just community banks although they get much
of the media attention. If you’ve got a computer, you’ve got risk.
Since 2008, over 500 million data records have been
compromised. In 2010 alone, 761 breaches were reported.
1
Again, all types and businesses were impacted.
Even with proper internal controls, a breach can still occur
creating risk of a
financial, reputational, or regulatory/
legal nature.
There are notice requirements to State
Attorneys General in 47 states, including Illinois.
Consequences of a breach include costs of coping with and
recovering from the breach, minimizing lawsuit potential,
resolving conflict, and taking further measures to prevent
future risk exposure. Computer forensics may be needed
to determine point of entry and a fix. Forensics can also
assist in assessing the universe of loss data, including whose
information was compromised. The legal team would need
to determine what type of information was compromised and
whether notice needs to be sent to the individuals. Along with
notification expenses, credit-report monitoring to affected
persons for one year afterward increases cost, as well as
engaging a public-relations firm to minimize loss of customer
confidence, or creating a call center to handle questions from
affected parties.
Potential third-party claims stemming from a breach of
personal data include the failure to protect private information
and health records, a failure to notify in a timely manner, ID-
theft insurance, cost to cancel or reissue cards, open new
accounts, costs of fraudulent purchases, and defending
against government-regulator claims.
THE CASE
FOR
CYBER INSURANCE:
NOT
A
QUESTION
OF IF
,
BUT
WHEN
Patricia M. Tobin, CIC, FI Specialist, Community BancInsurance Services, Powered by Nicoud, Springfield, IL
Not a just as a community bank
but as an employer, how well
do you monitor data in motion
to protect against leakage of
confidential information?
