Banknotes, Community Bankers Association of Illinois, May 2013, page 27
INTERNATIONAL RISK MANAGEMENT INSTITUTE ESTIMATES $214 PER DATA RECORD²:
WHERE TO INSURE A COMMUNITY BANK’S ELECTRONIC EXPOSURES
Property-Casualty Insurance best protects the physical damage exposure to equipment, data, and media from covered perils such as fire. An electronic data processing (EDP) rider or separate policy is preferred to provide additional protection with separate limits, including equipment breakdown.
General Liability would normally protect an insured from negligence causing property damage or bodily injury; however, most policies contain an absolute exclusion from computer-related events and you must purchase separate protection.
FI Bond is coverage for dishonesty, crime, and fraud-related events. There are various insuring agreements that are computer-related and designed to respond accordingly.
Computer Systems Fraud responds to dishonest or fraudulent entry of data or changes to data or software programs. Request an option for e-mail transfer fraud.
Voice & Facsimile Funds Transfer Fraud responds to loss due to transfer of funds from an unauthorized, fraudulent voice or facsimile instruction.
Hacker & Virus Coverage provides for duplication or restoration of computer programs damaged by hackers or computer virus. Ask your insurance representative about employee sabotage of data or programs. Forgery may include electronic or digital signatures. Lastly, ATMs on- or off-premises may be scheduled for their cash exposure in each machine. Ask your insurance representative to secure the lowest deductible possible.
Some D&O Policy(ies) integrate e-commerce protection but be mindful of the highest, single-aggregate limit of liability of ANY insuring agreement, or policy aggregate, including defense. For that reason, it is preferred to have a separate Cyber Insurance Policy. Any electronic incident would not, therefore, impact available D&O Limit or Aggregate. Cyber policies can also include public relations expense to help protect and restore the bank’s business reputation. Customer-privacy expenses may also be included as a result of unauthorized access to company customer information.
Not just as a community bank but as an employer, how well do you monitor data in motion to protect against leakage of confidential information?³ Are there policies in effect requiring that removable media containing sensitive information is properly labeled and protected against unauthorized access? Is there a current, centralized, and documented IT-security policy which includes defining the acceptable use of all company IT resources, including email and access to the internet?
Before you conclude this won’t happen to your community bank, ask yourself how possible it would be for a bank employee to misplace a laptop containing customer records, including social-security numbers. What if a cyber criminal hacks into the bank’s internal processing system and captures names, addresses, and credit card information? Any problem? What about a computer virus totally destroying the insured’s operating-system software and data? Any problem with a lost USB device used for back-up? What about a bank employee joining a rival bank and downloading customer data? Could one of your bank employees receive an e-mail appearing to be from a legitimate source and subsequently activate a “Trojan Horse” computer virus that permits key strokes to be read from that computer? Then, the perpetrator uses that information to obtain banking and password data to initiate a fraudulent electronic-wire transfer from a customer’s bank account. Ask yourself, “Am I covered for that or not?”
¹ Verizon 2011 Data Breach Investigations Report
² International Risk Management Institute
³ Phil Aderton, VP, CTH Technologies, Lisle, IL
Tobin can be reached at 217/414-4485 or
.
Community BancInsurance Services Powered by Nicoud is a preferred
service provider of Community BancService Corporation (CBSC).
| Category | Description | Cost (Per Record) |
|---|---|---|
| Discovery, Response, and Notification | Outside legal fees, customer notification, call center, marketing, and public relations | $50 |
| Lost Employee Productivity | Employees diverted from normal duties; contract labor | $32 |
| Restitution | Compensating affected customers for direct losses | $34 |
| Opportunity Costs | Loss of future business opportunities | $98 |
| Total Direct Cost (Per Account Record) | | $214 |
DID YOU KNOW? Since 2008, over 500 million data records have been compromised. 761 breaches were reported in 2010 alone.