SlideShare a Scribd company logo

January 2016 Wisconsin Banker - Cyber Article

J
Jeff Otteson

The document discusses strategic planning for banks. It emphasizes that the first step is defining the bank's mission and goals for both the short and long term. It advises creating a short term plan to maximize current performance and a long term plan to clarify future changes. Overall it stresses the importance of determining a destination before embarking on strategic planning.

1 of 4
Download to read offline
strategic planning. “The process starts with clearly understanding what your mission is, then what your culture and values need to be,” he said. “Then identify your objectives and what key performance metrics you’ll use to hold yourselves accountable.” The final step in this process is to determine the specific opportunities and threats that could help or hinder those objectives, including both internal or external factors and resources. You Are Here: Set Your Destination Defining your bank’s mission starts with knowing who you are as an organization today and who you want to be in the future. Many institutions have a mission that defines one or the other, but both are necessary. They are your start and end points on the map. Smith advises creating a short-term plan (usually 12-24 months) that addresses the bank’s current structure and maximizes performance of where the bank is now. The long-term plan should look 3-5 years in the future and clarify when and how to put changes in place. PRSRTSTD U.S.POSTAGE PAID UMS WisconsinBankersAssociation 4721SouthBiltmoreLane Madison,WI53718 JANUARY 2016 WISCONSIN BANKERS ASSOCIATION FOUNDED 1892 Chart the Course, But First Determine Your Destination To create an effective strategic plan, directors must first establish specific end goals According to NetDili- gence’s 2015 Cyber Claims Study,* the average number of records exposed in a data breach has climbed from 1.4 million in 2012 to 3.2 million in 2015, and the financial services sector remains a popular target (with 17 percent of data breaches, second only to the healthcare sector with 21 percent). As a result of this growing Cyber-Liability: Are You Covered? Don’t “set it and forget it” with your protection By Amber Seitz (continued on p. 29) (continued on p. 32) degree and complexity of risk, the landscape of cyber-liability and cyber-security insurance is undergoing dramatic change. “The coverage By Amber Seitz The first step in formulating a successful strategic plan is defining where you want that plan to take your institution. Skipping this step is like going on a road trip without picking a destination. Any map you bring along on that trip will be useless until you know where it is that’s available in this area is in greater flux than any area since the product liability insurance crisis in the 1980s,” said Mark Foley, attorney at von Briesen & Roper, s.c. “About a dozen of the major companies writing cyber-security coverage are reviewing their policies on an annual or semiannual basis for changes in coverage.” This accelerated evolution requires bank directors and manage- ment to reassess their you want to end up. “Many banks go into the strategic planning process without knowing where they want to go,” said Philip K. Smith, president of Gerrish McCreary Smith Consultants and Attorneys. To avoid that pitfall, bank directors must take the time to fully describe their high-level goals for the institution. “If you get the high-level stuff right, the details will fall into place,” said Ken Johnson, principal at Ken Johnson Consulting. To accomplish that, Cass Bettinger, president of Cass Bettinger and Associates, recommends engaging in mission-driven coverage on a much more frequent basis than in the past. Many D&O policies offer coverage for signi- ficant expenses associ- ated with cyber-liability, but typically do not include post-breach response assistance. Because of that, more community banks are purchasing specialty insurance to protect the institution. According to Jeff Otteson, vice presi- dent of sales at Midwest Bankers Insurance Services (MBIS),
roughly 50 percent of institutions purchase a separate specialty cyber-liability and crisis management expense policy. In order to make an informed decision regarding the bank’s cyber-liability and cyber-security insurance, management and the board of directors must first understand their options and then undergo an assessment to determine the best coverage for their institution’s unique needs. Understand Your Options It’s important for bank management to understand that cyber-liability coverage is not simply coverage for e-banking services. Nicholas Economidis, E&O underwriter at Beazley, a specialist insurer, clarified this common misconception. “Cyber-liability is about coverage for liability associated with a loss, theft or unauthorized disclosure of information, as well as for expenses associated with a data breach event,” he said. The two basic classifications of coverage are first- and third- party. Foley explained that first-party insurance protects the institution against its own losses and expenses related to a breach, whereas third-party coverage protects against claims by third parties (such as the bank’s customers, affiliates, or service providers) for losses they suffer because of a data breach at the bank. “You need both first- and third-party coverage in connection with a data breach,” Foley advised. One benefit of choosing a policy with both first- and third-party coverage is that it avoids overlapping policies with the bank’s other insurance carriers. “Overlapping policy language can lead both to unnecessary and expensive duplication of coverage or to dangerous coverage gaps and disputes,” Foley added. Due to the complex nature of cyber-security, there is a wide variety of coverages available to financial institutions, each with its own merits. “Many bankers feel that all cyber-liability policies are created equal, but they’re not,” said Otteson. “Each carrier has unique policy language, limit structure, exclusions and pre- and post- breach risk management offerings or services.” That variety means it is critical for bank management and directors to ask questions and thoroughly review their options. “The most important thing for directors is to Cyber-Liability (continued from p. 1) The nature of the risk is changing quickly, so the nature of the insurance that’s available is also changing quickly. It’s not just a matter of looking at whether the premium has changed when it comes time for renewals. – Mark Foley von Briesen & Roper, s.c. Many bankers feel that all cyber-security policies are created equal, but they’re not. – Jeff Otteson Midwest Bankers Insurance Services More than $225,000 in Scholarships Available Annually gsb.org The Wisconsin Bankers Association is pleased to offer scholarship opportunities to its member bankers through the Herbert V. Prochnow Educational Foundation, a supporting organization to the Graduate School of Banking at the University of Wisconsin – Madison. The GSB Prochnow Foundation offers nearly one quarter million dollars in scholarships every year to bankers who want to improve their careers and organizations through education. Scholarships are distributed through the WBA for the Graduate School of Banking and the GSB Human Resource Management School. Apply today for a scholarship to attend a program at the nation’s leading and most progressive banking school. For details, contact Nick Loppnow at the Wisconsin Bankers Association at nloppnow@wisbank.com. Sponsored by: Educating Professionals, Creating Leaders 32 JANUARY 2016 (continued on p. 33)
By Mike Semmann nVestWisconsin launched on Giving Tuesday (Dec. 1, 2015) with the help of WBA and Crowdfund i94. This WBA website is one of the state’s first crowdfunding websites to support local nonprofits, businesses and projects. Spe- cial Olympics of Wisconsin, Madison Scouts Drum & Bugle Corps, Habitat for Humanity of Wisconsin and the Zoological Society of Milwaukee are the first four nonprofit organiza- tions to launch fundraising projects on nVestWisconsin. Each nonprofit ran a 30-day fundraising campaign through individuals and businesses to make a contribution to a non-profit or business to assist with a specific project. nVestWisconsin Securities, which will launch in 2016, will allow institutional and individ- ual investors to purchase securities in an online platform. Donor. Investor. nVestWisconsin’s users may fall into one or both categories, but what unites all of them is a desire to see the Dairy State grow and prosper. Semmann is WBA executive vice president and chief opera- tions officer and also serves as president of nVestWisconsin. they choose or to truly own a piece of something good in their home state. This is also true for banks and bankers. You see, nVest is unique because it has two separate but related pages within it: nVestWisconsin Donate and nVestWisconsin Securities. nVestWisconsin Donate provides opportunities for nVest in order to meet their specific needs and goals. One goal of nVestWisconsin is to encourage people to consider how they invest in their community. Donating is not a one-size-fits-all activity, and by offering an option to either donate or invest, the new crowdfunding platform allows Wisconsinites to give however WBA Launches nVestWisconsin: Wisconsin’s Local Crowdfunding Platform New website takes the "give local" campaign digital Association Update Michael B. Semmann WISCONSIN > Visit nVestWisconsin today! donate.nvestwisconsin.com. make sure they understand the nature, likelihood, and potential ramifications of all the risks and therefore all of the types of coverage that they could purchase so that they’re making an informed decision as to which ones to buy,” said Foley. Economidis suggested looking for three different coverage features. One important type of coverage to consider is regulatory defense and penalties coverage, preferably provided on a duty to defend basis. “Financial institutions are heavily regulated and may be subject to regulatory scrutiny after a breach event,” Economidis said. He also recommended seeking coverage for breach response services provided outside the limit of liability available for defense and indemnity of a claim, as well as a careful exploration to determine what coverage is offered to the bank in the event a third-party vendor they use suffers a breach or loss of information in their care. Otteson recommends bank management also consider each policy’s limit structure with regard to the liability limits and the crisis management expense limits. Typically, crisis management expense limits include forensics, credit and identity monitoring, public relations and notification expenses after a breach. Some policies offer separate “towers” of coverage limits, which will not erode the liability limit. Otteson said that when the expense limits are shared with the liability limit, community banks should increase their liability limit in proportion with the expense limit. Follow a Selection Process Each institution has unique coverage needs, so assessing policies will be different. However, establishing a set procedure for identifying the bank’s needs and risk tolerance and evaluating policy options will make the renewal process much smoother. “The nature of the risk is changing quickly, so the nature of the insurance that’s available is also changing quickly,” said Foley. “It’s not just a matter of looking at whether the premium has changed when it comes time for renewals.” He advised boards to do in-depth review of the bank’s coverage at least annually. The first step in such a review should be to forecast the bank’s expected losses and determine its risk tolerance. “Banks should attempt to forecast the expected loss associated with a data breach event both from a worst-case scenario as well as a probable- loss scenario,” said Economidis. “Then, with these figures in mind, banks should consider how much risk they are comfortable retaining, and seek to purchase insurance for the remaining risk.” Otteson advises bank management to also consider the number of customers the institution has (including past customers, current employees, and past employees), as that drives the cost for notifications after a breach, along with the cost of credit and identity monitoring. Economidis also recommended using benchmarks as a litmus test regarding the amount of coverage that institutions of similar size have purchased. “This benchmarking process can provide a reality check for the loss forecasts generated earlier in the process,” he said. Perhaps the most important step in any cyber-liability coverage assessment is determining what isn’t covered under a particular policy. “Businesspeople typically don’t know what a policy does not cover,” Foley said. He explained that confusion results from both new technology terms unfamiliar to senior management and state-of- the-art insurance terms which have been litigated for decades – sometimes centuries – and Cyber-Liability (continued from p. 32) The biggest mistake insured and potential insureds make is assuming that they’re prepared to handle a data breach event. – Nicholas Economidis Beazley JANUARY 2016 33 (continued on p. 34)
Rose Oswald Poels is WBA president and CEO ropoels@wisbank.com | 608/441-1200 Twitter: @RoseOswaldPoels There’s certainly no shortage of information channels in this day and age.You can find out news from around the globe in newspapers, online and even on your smartphone. If you don’t have time to sift through hundreds of articles and news bytes, here’s what you need to know about what’s going on in the banking industry this month: WBA Perspective Industry briefings for Wisconsin bankers Legislative Advocacy House Passes Portfolio Lending and Mortgage Access Act H.R. 1210, the Portfolio Lending and Mortgage Access Act, passed the House on Nov. 19, with a vote of 255-174. This legislation provides that loans originated by insured depository institu- tions and held in portfolio are treated as Quali- fied Mortgages under the Truth in Lending Act. A letter of support was sent the day before the vote by WBA and 53 other banking associations. However, three members of the Wisconsin delegation voted “no,” so WBA promptly contacted the offices of those Representatives to express our serious disappoint- ment in their vote on this signature issue. This was the latest effort in three years of lobbying to provide relief to Wisconsin bankers on this issue. Thanks go out to all bankers who contacted their legis- lators. WBA extends a special thanks to the bankers who attended our two Government Relations summits last spring as this was one of the priority issues taken to legislators during those events. Industry News WBA Raises Over $5,000 for Charity The WBA staff raised over $5,000 for United Way during a week-long fundraiser boasting a variety of activities for staff participation. The United Way gave WBA their Bronze Award, which is awarded to companies where em- ployee gifts average $50-$99 per employee. Judicial Advocacy Wisc. Sup. Ct. Hears Oral Argument in Walworth State Bank v.Abbey Springs Condominium Assn. The Wisconsin Supreme Court heard lively oral argument on Nov. 9, 2015 in Walworth State Bank v.Abbey Springs Condominium Association, a case in which WBA submitted an amicus brief. The primary issue before the court was whether a condominium association may legally enforce a policy that forbids new owners of a condo- minium unit, purchased at foreclosure, to use the condominium’s recreational facilities until the previous owner’s delinquent dues and assessments for such facilities are paid up to date. WBA noted that if the case is decided in favor of the association, lenders would be less likely to make condo loans or would increase costs to borrowers to cover the higher risks associated with condo lending. The Court’s opinion is expected in 2016. NEWS require a level of expertise that most individuals outside the industry haven’t acquired. Get Expert Advice Obtaining the services and advice of external experts, such as a broker or lawyer, is crucial for a thorough and successful review of the bank’s cyber-liability and cyber- security insurance coverage. “Because the changes are so fast and furious, you should work with a broker, consultant, or lawyer who knows this area and can help you assess what you need and help you find someone who’s offering it,” Foley said. “Foremost, work with a broker that has expertise in cyber-liability,” Economidis agreed. “After that, attain quotes from key markets and work with your broker to understand the key distinctions between various offerings.” In addition to external expertise, Otteson highly recommends that bank management involve their IT Department when doing carrier reviews and due diligence. “As the climate changes and exposures become greater, a best practice would be for community banks to engage their IT experts regarding their cyber exposures and the policies the bank purchases,” he said. Involving the bank’s IT experts in the insurance assessment may also lead management to better understand which vulnerabilities can be rectified through technical or policy means, and which risks require insurance because they cannot be fully mitigated by the bank. Bank management should ensure that the board of directors understands that they cannot – and should not – assume the bank can handle a data breach internally. “The biggest mistake insured and potential insureds make is assuming that they’re prepared to handle a data breach event,” said Economidis, noting that most institutions have little, if any, experience handling such events and are therefore ill- equipped to do so effectively or efficiently. “Institutions should seek insurers, or other partners, with significant breach experience for assistance with a breach event,” he said. “Every bank should have a written computer incident response and investigation plan that is practiced and updated at least annually.” In short, don’t handle a breach event alone. Seitz is WBA communications coordinator. *View the full 2015 study online at www.netdiligence.com/downloads/ NetDiligence_2015_Cyber_ Claims_Study_093015.pdf. Cyber-Liability (continued from p. 33) “I am very proud of the significant dollars this staff personally donates each year for United Way. It is great to be able to say to our members and to the community that the WBA staff understands the importance of giving back to their community and proves that through the generous donation of their hard-earned dollars,” explained WBA’s Rose Oswald Poels. For more industry updates like these, sign up to receive the WBA Executive Letter ePublication by visiting www.wisbank.com/subscriptions. JUDICIAL ADVOCACY LEGISLATIVE ADVOCACY 34 JANUARY 2016

Recommended

Do Millennials really lead Digital Banking?
Do Millennials really lead Digital Banking?Do Millennials really lead Digital Banking?
Do Millennials really lead Digital Banking?
Chris Barlow
 
Community Call Currency Risk V1
Community Call Currency Risk V1Community Call Currency Risk V1
Community Call Currency Risk V1
Premal Shah
 
Social Trends Report
Social Trends ReportSocial Trends Report
Social Trends Report
Meghan Brown
 
Benchmarks World Class Final ppt
Benchmarks World Class Final pptBenchmarks World Class Final ppt
Benchmarks World Class Final ppt
Meghan Brown
 
Social Trends
Social TrendsSocial Trends
Social Trends
Meghan Brown
 
Online Giving Marketplaces Kiva Presentation
Online Giving Marketplaces Kiva PresentationOnline Giving Marketplaces Kiva Presentation
Online Giving Marketplaces Kiva Presentation
Premal Shah
 
p2p microfinance presentation before Kiva
p2p microfinance presentation before Kivap2p microfinance presentation before Kiva
p2p microfinance presentation before Kiva
guestc0a771
 
Predatory Lending Practices & How to Avoid Them
Predatory Lending Practices & How to Avoid ThemPredatory Lending Practices & How to Avoid Them
Predatory Lending Practices & How to Avoid Them
milfamln
 

Recommended

Do Millennials really lead Digital Banking?
Do Millennials really lead Digital Banking?Do Millennials really lead Digital Banking?
Do Millennials really lead Digital Banking?
Chris Barlow
 
Community Call Currency Risk V1
Community Call Currency Risk V1Community Call Currency Risk V1
Community Call Currency Risk V1
Premal Shah
 
Social Trends Report
Social Trends ReportSocial Trends Report
Social Trends Report
Meghan Brown
 
Benchmarks World Class Final ppt
Benchmarks World Class Final pptBenchmarks World Class Final ppt
Benchmarks World Class Final ppt
Meghan Brown
 
Social Trends
Social TrendsSocial Trends
Social Trends
Meghan Brown
 
Online Giving Marketplaces Kiva Presentation
Online Giving Marketplaces Kiva PresentationOnline Giving Marketplaces Kiva Presentation
Online Giving Marketplaces Kiva Presentation
Premal Shah
 
p2p microfinance presentation before Kiva
p2p microfinance presentation before Kivap2p microfinance presentation before Kiva
p2p microfinance presentation before Kiva
guestc0a771
 
Predatory Lending Practices & How to Avoid Them
Predatory Lending Practices & How to Avoid ThemPredatory Lending Practices & How to Avoid Them
Predatory Lending Practices & How to Avoid Them
milfamln
 
Kiva Presentation for Foothill College Microfinance Club
Kiva Presentation for Foothill College Microfinance ClubKiva Presentation for Foothill College Microfinance Club
Kiva Presentation for Foothill College Microfinance Club
wzturner
 
Vietnam philanthropy report
Vietnam philanthropy reportVietnam philanthropy report
Vietnam philanthropy report
Cat Van Khoi
 
Week 11 lecture notes com325
Week 11 lecture notes com325Week 11 lecture notes com325
Week 11 lecture notes com325
Olivia Miller
 
Growth, Diversification, High Wage Jobs
Growth, Diversification, High Wage JobsGrowth, Diversification, High Wage Jobs
Growth, Diversification, High Wage Jobs
nado-web
 
Outlook on Pay for Success / Social Impact Bonds (SIBs)
Outlook on Pay for Success / Social Impact Bonds (SIBs)Outlook on Pay for Success / Social Impact Bonds (SIBs)
Outlook on Pay for Success / Social Impact Bonds (SIBs)
LeSar Development Consultants
 
The future of fundraising in a networked society
The future of fundraising in a networked societyThe future of fundraising in a networked society
The future of fundraising in a networked society
Bryan Miller
 
Kiva Zip: People’s Insights Volume 2, Issue 22
Kiva Zip: People’s Insights Volume 2, Issue 22Kiva Zip: People’s Insights Volume 2, Issue 22
Kiva Zip: People’s Insights Volume 2, Issue 22
MSL
 
Oh mygov gps13 final
Oh mygov gps13 finalOh mygov gps13 final
Oh mygov gps13 final
Richard Hartman, Ph.D.
 
Brand Management Group Report - Ayako Mori
Brand Management Group Report - Ayako MoriBrand Management Group Report - Ayako Mori
Brand Management Group Report - Ayako Mori
Ayako Tani Mori
 
Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docxRunning Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
susanschei
 
Dean Graziosi - 7 Ways to Finding Funding Right Now
Dean Graziosi - 7 Ways to Finding Funding Right NowDean Graziosi - 7 Ways to Finding Funding Right Now
Dean Graziosi - 7 Ways to Finding Funding Right Now
Dean Graziosi
 
Ignore customers at your own peril
Ignore customers at your own perilIgnore customers at your own peril
Ignore customers at your own peril
Joe Orlando
 
apr16-fdi-newsletter-digital
apr16-fdi-newsletter-digitalapr16-fdi-newsletter-digital
apr16-fdi-newsletter-digital
Eliot Norman
 
New US Laws and Regulations Requiring Plain Language
New US Laws and Regulations Requiring Plain LanguageNew US Laws and Regulations Requiring Plain Language
New US Laws and Regulations Requiring Plain Language
Deborah S. Bosley
 
FDIC: Financial Education and the Future
FDIC: Financial Education and the FutureFDIC: Financial Education and the Future
FDIC: Financial Education and the Future
CFLsaving
 
Crowdfunding Your Investment - Final
Crowdfunding Your Investment - FinalCrowdfunding Your Investment - Final
Crowdfunding Your Investment - Final
Denise Douglas
 
CSBS UMKC Freedom Bank Evaluation 2016_v5
CSBS UMKC Freedom Bank Evaluation 2016_v5CSBS UMKC Freedom Bank Evaluation 2016_v5
CSBS UMKC Freedom Bank Evaluation 2016_v5
Maria Davis
 
Importance of Controlled Credit by Vividh Bansal
Importance of Controlled Credit by Vividh BansalImportance of Controlled Credit by Vividh Bansal
Importance of Controlled Credit by Vividh Bansal
ijtsrd
 
MicrofinancePaper
MicrofinancePaperMicrofinancePaper
MicrofinancePaper
Nandan Raghavan
 
p14-18 Financial Literacy
p14-18 Financial Literacyp14-18 Financial Literacy
p14-18 Financial Literacy
Michael Callahan, B.Sc., CIM, CFP
 
How to upgrade bangladesh’s banking almanac
How to upgrade bangladesh’s banking almanacHow to upgrade bangladesh’s banking almanac
How to upgrade bangladesh’s banking almanac
M S Siddiqui
 
Corporate Profile- PreConstruction Catalysts
Corporate Profile- PreConstruction CatalystsCorporate Profile- PreConstruction Catalysts
Corporate Profile- PreConstruction Catalysts
PreConstruction Catalysts, Inc
 

More Related Content

What's hot

Kiva Presentation for Foothill College Microfinance Club
Kiva Presentation for Foothill College Microfinance ClubKiva Presentation for Foothill College Microfinance Club
Kiva Presentation for Foothill College Microfinance Club
wzturner
 
Outlook on Pay for Success / Social Impact Bonds (SIBs)
Outlook on Pay for Success / Social Impact Bonds (SIBs)Outlook on Pay for Success / Social Impact Bonds (SIBs)
Outlook on Pay for Success / Social Impact Bonds (SIBs)
LeSar Development Consultants
 
Kiva Zip: People’s Insights Volume 2, Issue 22
Kiva Zip: People’s Insights Volume 2, Issue 22Kiva Zip: People’s Insights Volume 2, Issue 22
Kiva Zip: People’s Insights Volume 2, Issue 22
MSL
 

What's hot (9)

Kiva Presentation for Foothill College Microfinance Club
Kiva Presentation for Foothill College Microfinance ClubKiva Presentation for Foothill College Microfinance Club
Kiva Presentation for Foothill College Microfinance Club
 
Vietnam philanthropy report
Vietnam philanthropy reportVietnam philanthropy report
Vietnam philanthropy report
 
Week 11 lecture notes com325
Week 11 lecture notes com325Week 11 lecture notes com325
Week 11 lecture notes com325
 
Growth, Diversification, High Wage Jobs
Growth, Diversification, High Wage JobsGrowth, Diversification, High Wage Jobs
Growth, Diversification, High Wage Jobs
 
Outlook on Pay for Success / Social Impact Bonds (SIBs)
Outlook on Pay for Success / Social Impact Bonds (SIBs)Outlook on Pay for Success / Social Impact Bonds (SIBs)
Outlook on Pay for Success / Social Impact Bonds (SIBs)
 
The future of fundraising in a networked society
The future of fundraising in a networked societyThe future of fundraising in a networked society
The future of fundraising in a networked society
 
Kiva Zip: People’s Insights Volume 2, Issue 22
Kiva Zip: People’s Insights Volume 2, Issue 22Kiva Zip: People’s Insights Volume 2, Issue 22
Kiva Zip: People’s Insights Volume 2, Issue 22
 
Oh mygov gps13 final
Oh mygov gps13 finalOh mygov gps13 final
Oh mygov gps13 final
 
Brand Management Group Report - Ayako Mori
Brand Management Group Report - Ayako MoriBrand Management Group Report - Ayako Mori
Brand Management Group Report - Ayako Mori
 

Similar to January 2016 Wisconsin Banker - Cyber Article

Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docxRunning Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
susanschei
 
apr16-fdi-newsletter-digital
apr16-fdi-newsletter-digitalapr16-fdi-newsletter-digital
apr16-fdi-newsletter-digital
Eliot Norman
 
New US Laws and Regulations Requiring Plain Language
New US Laws and Regulations Requiring Plain LanguageNew US Laws and Regulations Requiring Plain Language
New US Laws and Regulations Requiring Plain Language
Deborah S. Bosley
 
FDIC: Financial Education and the Future
FDIC: Financial Education and the FutureFDIC: Financial Education and the Future
FDIC: Financial Education and the Future
CFLsaving
 
Crowdfunding Your Investment - Final
Crowdfunding Your Investment - FinalCrowdfunding Your Investment - Final
Crowdfunding Your Investment - Final
Denise Douglas
 
CSBS UMKC Freedom Bank Evaluation 2016_v5
CSBS UMKC Freedom Bank Evaluation 2016_v5CSBS UMKC Freedom Bank Evaluation 2016_v5
CSBS UMKC Freedom Bank Evaluation 2016_v5
Maria Davis
 
Importance of Controlled Credit by Vividh Bansal
Importance of Controlled Credit by Vividh BansalImportance of Controlled Credit by Vividh Bansal
Importance of Controlled Credit by Vividh Bansal
ijtsrd
 
Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)
Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)
Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)
Creditinfo
 
FIN376-Jansen-PNC Analysis
FIN376-Jansen-PNC AnalysisFIN376-Jansen-PNC Analysis
FIN376-Jansen-PNC Analysis
Brenda Jansen
 
Forecasting peer-to-peer lending risk
Forecasting peer-to-peer lending riskForecasting peer-to-peer lending risk
Forecasting peer-to-peer lending risk
Archange Giscard DESTINE
 
ClearChoice_FortuneCoverWrap_Final
ClearChoice_FortuneCoverWrap_FinalClearChoice_FortuneCoverWrap_Final
ClearChoice_FortuneCoverWrap_Final
Eric Webb
 
SSgA_Complete_Issue_The_Participant
SSgA_Complete_Issue_The_ParticipantSSgA_Complete_Issue_The_Participant
SSgA_Complete_Issue_The_Participant
Jill Ayuso (LION)
 

Similar to January 2016 Wisconsin Banker - Cyber Article (20)

Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docxRunning Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
Running Head BANK LENDING PRACTICES AT THE BANK OF AMERICABANK .docx
 
Dean Graziosi - 7 Ways to Finding Funding Right Now
Dean Graziosi - 7 Ways to Finding Funding Right NowDean Graziosi - 7 Ways to Finding Funding Right Now
Dean Graziosi - 7 Ways to Finding Funding Right Now
 
Ignore customers at your own peril
Ignore customers at your own perilIgnore customers at your own peril
Ignore customers at your own peril
 
apr16-fdi-newsletter-digital
apr16-fdi-newsletter-digitalapr16-fdi-newsletter-digital
apr16-fdi-newsletter-digital
 
New US Laws and Regulations Requiring Plain Language
New US Laws and Regulations Requiring Plain LanguageNew US Laws and Regulations Requiring Plain Language
New US Laws and Regulations Requiring Plain Language
 
FDIC: Financial Education and the Future
FDIC: Financial Education and the FutureFDIC: Financial Education and the Future
FDIC: Financial Education and the Future
 
Crowdfunding Your Investment - Final
Crowdfunding Your Investment - FinalCrowdfunding Your Investment - Final
Crowdfunding Your Investment - Final
 
CSBS UMKC Freedom Bank Evaluation 2016_v5
CSBS UMKC Freedom Bank Evaluation 2016_v5CSBS UMKC Freedom Bank Evaluation 2016_v5
CSBS UMKC Freedom Bank Evaluation 2016_v5
 
Importance of Controlled Credit by Vividh Bansal
Importance of Controlled Credit by Vividh BansalImportance of Controlled Credit by Vividh Bansal
Importance of Controlled Credit by Vividh Bansal
 
MicrofinancePaper
MicrofinancePaperMicrofinancePaper
MicrofinancePaper
 
p14-18 Financial Literacy
p14-18 Financial Literacyp14-18 Financial Literacy
p14-18 Financial Literacy
 
How to upgrade bangladesh’s banking almanac
How to upgrade bangladesh’s banking almanacHow to upgrade bangladesh’s banking almanac
How to upgrade bangladesh’s banking almanac
 
Corporate Profile- PreConstruction Catalysts
Corporate Profile- PreConstruction CatalystsCorporate Profile- PreConstruction Catalysts
Corporate Profile- PreConstruction Catalysts
 
Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)
Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)
Creditinfo Jamaica Seminar - Establishing a credit bureau in jamaica (gene leon)
 
FIN376-Jansen-PNC Analysis
FIN376-Jansen-PNC AnalysisFIN376-Jansen-PNC Analysis
FIN376-Jansen-PNC Analysis
 
All about credit unions and banking services
All about credit unions and banking servicesAll about credit unions and banking services
All about credit unions and banking services
 
The state of payday loan lending in Mississippi
The state of payday loan lending in MississippiThe state of payday loan lending in Mississippi
The state of payday loan lending in Mississippi
 
Forecasting peer-to-peer lending risk
Forecasting peer-to-peer lending riskForecasting peer-to-peer lending risk
Forecasting peer-to-peer lending risk
 
ClearChoice_FortuneCoverWrap_Final
ClearChoice_FortuneCoverWrap_FinalClearChoice_FortuneCoverWrap_Final
ClearChoice_FortuneCoverWrap_Final
 
SSgA_Complete_Issue_The_Participant
SSgA_Complete_Issue_The_ParticipantSSgA_Complete_Issue_The_Participant
SSgA_Complete_Issue_The_Participant
 

More from Jeff Otteson

MBIS NDBA Spotlight Article
MBIS NDBA Spotlight ArticleMBIS NDBA Spotlight Article
MBIS NDBA Spotlight Article
Jeff Otteson
 
20 Questions to ask your Cyber Carrier - Wis Banker 12-2015
20 Questions to ask your Cyber Carrier - Wis Banker 12-201520 Questions to ask your Cyber Carrier - Wis Banker 12-2015
20 Questions to ask your Cyber Carrier - Wis Banker 12-2015
Jeff Otteson
 
MBIS Ad October 2015
MBIS Ad October 2015MBIS Ad October 2015
MBIS Ad October 2015
Jeff Otteson
 
WBA CMP EDB Article March 2015
WBA CMP EDB Article March 2015WBA CMP EDB Article March 2015
WBA CMP EDB Article March 2015
Jeff Otteson
 
25 Questions to ask your D & O carrier
25 Questions to ask your D & O carrier25 Questions to ask your D & O carrier
25 Questions to ask your D & O carrier
Jeff Otteson
 

More from Jeff Otteson (6)

MBIS NDBA Spotlight Article
MBIS NDBA Spotlight ArticleMBIS NDBA Spotlight Article
MBIS NDBA Spotlight Article
 
20 Questions to ask your Cyber Carrier - Wis Banker 12-2015
20 Questions to ask your Cyber Carrier - Wis Banker 12-201520 Questions to ask your Cyber Carrier - Wis Banker 12-2015
20 Questions to ask your Cyber Carrier - Wis Banker 12-2015
 
MN Cyber Article
MN Cyber ArticleMN Cyber Article
MN Cyber Article
 
MBIS Ad October 2015
MBIS Ad October 2015MBIS Ad October 2015
MBIS Ad October 2015
 
WBA CMP EDB Article March 2015
WBA CMP EDB Article March 2015WBA CMP EDB Article March 2015
WBA CMP EDB Article March 2015
 
25 Questions to ask your D & O carrier
25 Questions to ask your D & O carrier25 Questions to ask your D & O carrier
25 Questions to ask your D & O carrier
 

January 2016 Wisconsin Banker - Cyber Article

  • 1. strategic planning. “The process starts with clearly understanding what your mission is, then what your culture and values need to be,” he said. “Then identify your objectives and what key performance metrics you’ll use to hold yourselves accountable.” The final step in this process is to determine the specific opportunities and threats that could help or hinder those objectives, including both internal or external factors and resources. You Are Here: Set Your Destination Defining your bank’s mission starts with knowing who you are as an organization today and who you want to be in the future. Many institutions have a mission that defines one or the other, but both are necessary. They are your start and end points on the map. Smith advises creating a short-term plan (usually 12-24 months) that addresses the bank’s current structure and maximizes performance of where the bank is now. The long-term plan should look 3-5 years in the future and clarify when and how to put changes in place. PRSRTSTD U.S.POSTAGE PAID UMS WisconsinBankersAssociation 4721SouthBiltmoreLane Madison,WI53718 JANUARY 2016 WISCONSIN BANKERS ASSOCIATION FOUNDED 1892 Chart the Course, But First Determine Your Destination To create an effective strategic plan, directors must first establish specific end goals According to NetDili- gence’s 2015 Cyber Claims Study,* the average number of records exposed in a data breach has climbed from 1.4 million in 2012 to 3.2 million in 2015, and the financial services sector remains a popular target (with 17 percent of data breaches, second only to the healthcare sector with 21 percent). As a result of this growing Cyber-Liability: Are You Covered? Don’t “set it and forget it” with your protection By Amber Seitz (continued on p. 29) (continued on p. 32) degree and complexity of risk, the landscape of cyber-liability and cyber-security insurance is undergoing dramatic change. “The coverage By Amber Seitz The first step in formulating a successful strategic plan is defining where you want that plan to take your institution. Skipping this step is like going on a road trip without picking a destination. Any map you bring along on that trip will be useless until you know where it is that’s available in this area is in greater flux than any area since the product liability insurance crisis in the 1980s,” said Mark Foley, attorney at von Briesen & Roper, s.c. “About a dozen of the major companies writing cyber-security coverage are reviewing their policies on an annual or semiannual basis for changes in coverage.” This accelerated evolution requires bank directors and manage- ment to reassess their you want to end up. “Many banks go into the strategic planning process without knowing where they want to go,” said Philip K. Smith, president of Gerrish McCreary Smith Consultants and Attorneys. To avoid that pitfall, bank directors must take the time to fully describe their high-level goals for the institution. “If you get the high-level stuff right, the details will fall into place,” said Ken Johnson, principal at Ken Johnson Consulting. To accomplish that, Cass Bettinger, president of Cass Bettinger and Associates, recommends engaging in mission-driven coverage on a much more frequent basis than in the past. Many D&O policies offer coverage for signi- ficant expenses associ- ated with cyber-liability, but typically do not include post-breach response assistance. Because of that, more community banks are purchasing specialty insurance to protect the institution. According to Jeff Otteson, vice presi- dent of sales at Midwest Bankers Insurance Services (MBIS),
  • 2. roughly 50 percent of institutions purchase a separate specialty cyber-liability and crisis management expense policy. In order to make an informed decision regarding the bank’s cyber-liability and cyber-security insurance, management and the board of directors must first understand their options and then undergo an assessment to determine the best coverage for their institution’s unique needs. Understand Your Options It’s important for bank management to understand that cyber-liability coverage is not simply coverage for e-banking services. Nicholas Economidis, E&O underwriter at Beazley, a specialist insurer, clarified this common misconception. “Cyber-liability is about coverage for liability associated with a loss, theft or unauthorized disclosure of information, as well as for expenses associated with a data breach event,” he said. The two basic classifications of coverage are first- and third- party. Foley explained that first-party insurance protects the institution against its own losses and expenses related to a breach, whereas third-party coverage protects against claims by third parties (such as the bank’s customers, affiliates, or service providers) for losses they suffer because of a data breach at the bank. “You need both first- and third-party coverage in connection with a data breach,” Foley advised. One benefit of choosing a policy with both first- and third-party coverage is that it avoids overlapping policies with the bank’s other insurance carriers. “Overlapping policy language can lead both to unnecessary and expensive duplication of coverage or to dangerous coverage gaps and disputes,” Foley added. Due to the complex nature of cyber-security, there is a wide variety of coverages available to financial institutions, each with its own merits. “Many bankers feel that all cyber-liability policies are created equal, but they’re not,” said Otteson. “Each carrier has unique policy language, limit structure, exclusions and pre- and post- breach risk management offerings or services.” That variety means it is critical for bank management and directors to ask questions and thoroughly review their options. “The most important thing for directors is to Cyber-Liability (continued from p. 1) The nature of the risk is changing quickly, so the nature of the insurance that’s available is also changing quickly. It’s not just a matter of looking at whether the premium has changed when it comes time for renewals. – Mark Foley von Briesen & Roper, s.c. Many bankers feel that all cyber-security policies are created equal, but they’re not. – Jeff Otteson Midwest Bankers Insurance Services More than $225,000 in Scholarships Available Annually gsb.org The Wisconsin Bankers Association is pleased to offer scholarship opportunities to its member bankers through the Herbert V. Prochnow Educational Foundation, a supporting organization to the Graduate School of Banking at the University of Wisconsin – Madison. The GSB Prochnow Foundation offers nearly one quarter million dollars in scholarships every year to bankers who want to improve their careers and organizations through education. Scholarships are distributed through the WBA for the Graduate School of Banking and the GSB Human Resource Management School. Apply today for a scholarship to attend a program at the nation’s leading and most progressive banking school. For details, contact Nick Loppnow at the Wisconsin Bankers Association at nloppnow@wisbank.com. Sponsored by: Educating Professionals, Creating Leaders 32 JANUARY 2016 (continued on p. 33)
  • 3. By Mike Semmann nVestWisconsin launched on Giving Tuesday (Dec. 1, 2015) with the help of WBA and Crowdfund i94. This WBA website is one of the state’s first crowdfunding websites to support local nonprofits, businesses and projects. Spe- cial Olympics of Wisconsin, Madison Scouts Drum & Bugle Corps, Habitat for Humanity of Wisconsin and the Zoological Society of Milwaukee are the first four nonprofit organiza- tions to launch fundraising projects on nVestWisconsin. Each nonprofit ran a 30-day fundraising campaign through individuals and businesses to make a contribution to a non-profit or business to assist with a specific project. nVestWisconsin Securities, which will launch in 2016, will allow institutional and individ- ual investors to purchase securities in an online platform. Donor. Investor. nVestWisconsin’s users may fall into one or both categories, but what unites all of them is a desire to see the Dairy State grow and prosper. Semmann is WBA executive vice president and chief opera- tions officer and also serves as president of nVestWisconsin. they choose or to truly own a piece of something good in their home state. This is also true for banks and bankers. You see, nVest is unique because it has two separate but related pages within it: nVestWisconsin Donate and nVestWisconsin Securities. nVestWisconsin Donate provides opportunities for nVest in order to meet their specific needs and goals. One goal of nVestWisconsin is to encourage people to consider how they invest in their community. Donating is not a one-size-fits-all activity, and by offering an option to either donate or invest, the new crowdfunding platform allows Wisconsinites to give however WBA Launches nVestWisconsin: Wisconsin’s Local Crowdfunding Platform New website takes the "give local" campaign digital Association Update Michael B. Semmann WISCONSIN > Visit nVestWisconsin today! donate.nvestwisconsin.com. make sure they understand the nature, likelihood, and potential ramifications of all the risks and therefore all of the types of coverage that they could purchase so that they’re making an informed decision as to which ones to buy,” said Foley. Economidis suggested looking for three different coverage features. One important type of coverage to consider is regulatory defense and penalties coverage, preferably provided on a duty to defend basis. “Financial institutions are heavily regulated and may be subject to regulatory scrutiny after a breach event,” Economidis said. He also recommended seeking coverage for breach response services provided outside the limit of liability available for defense and indemnity of a claim, as well as a careful exploration to determine what coverage is offered to the bank in the event a third-party vendor they use suffers a breach or loss of information in their care. Otteson recommends bank management also consider each policy’s limit structure with regard to the liability limits and the crisis management expense limits. Typically, crisis management expense limits include forensics, credit and identity monitoring, public relations and notification expenses after a breach. Some policies offer separate “towers” of coverage limits, which will not erode the liability limit. Otteson said that when the expense limits are shared with the liability limit, community banks should increase their liability limit in proportion with the expense limit. Follow a Selection Process Each institution has unique coverage needs, so assessing policies will be different. However, establishing a set procedure for identifying the bank’s needs and risk tolerance and evaluating policy options will make the renewal process much smoother. “The nature of the risk is changing quickly, so the nature of the insurance that’s available is also changing quickly,” said Foley. “It’s not just a matter of looking at whether the premium has changed when it comes time for renewals.” He advised boards to do in-depth review of the bank’s coverage at least annually. The first step in such a review should be to forecast the bank’s expected losses and determine its risk tolerance. “Banks should attempt to forecast the expected loss associated with a data breach event both from a worst-case scenario as well as a probable- loss scenario,” said Economidis. “Then, with these figures in mind, banks should consider how much risk they are comfortable retaining, and seek to purchase insurance for the remaining risk.” Otteson advises bank management to also consider the number of customers the institution has (including past customers, current employees, and past employees), as that drives the cost for notifications after a breach, along with the cost of credit and identity monitoring. Economidis also recommended using benchmarks as a litmus test regarding the amount of coverage that institutions of similar size have purchased. “This benchmarking process can provide a reality check for the loss forecasts generated earlier in the process,” he said. Perhaps the most important step in any cyber-liability coverage assessment is determining what isn’t covered under a particular policy. “Businesspeople typically don’t know what a policy does not cover,” Foley said. He explained that confusion results from both new technology terms unfamiliar to senior management and state-of- the-art insurance terms which have been litigated for decades – sometimes centuries – and Cyber-Liability (continued from p. 32) The biggest mistake insured and potential insureds make is assuming that they’re prepared to handle a data breach event. – Nicholas Economidis Beazley JANUARY 2016 33 (continued on p. 34)
  • 4. Rose Oswald Poels is WBA president and CEO ropoels@wisbank.com | 608/441-1200 Twitter: @RoseOswaldPoels There’s certainly no shortage of information channels in this day and age.You can find out news from around the globe in newspapers, online and even on your smartphone. If you don’t have time to sift through hundreds of articles and news bytes, here’s what you need to know about what’s going on in the banking industry this month: WBA Perspective Industry briefings for Wisconsin bankers Legislative Advocacy House Passes Portfolio Lending and Mortgage Access Act H.R. 1210, the Portfolio Lending and Mortgage Access Act, passed the House on Nov. 19, with a vote of 255-174. This legislation provides that loans originated by insured depository institu- tions and held in portfolio are treated as Quali- fied Mortgages under the Truth in Lending Act. A letter of support was sent the day before the vote by WBA and 53 other banking associations. However, three members of the Wisconsin delegation voted “no,” so WBA promptly contacted the offices of those Representatives to express our serious disappoint- ment in their vote on this signature issue. This was the latest effort in three years of lobbying to provide relief to Wisconsin bankers on this issue. Thanks go out to all bankers who contacted their legis- lators. WBA extends a special thanks to the bankers who attended our two Government Relations summits last spring as this was one of the priority issues taken to legislators during those events. Industry News WBA Raises Over $5,000 for Charity The WBA staff raised over $5,000 for United Way during a week-long fundraiser boasting a variety of activities for staff participation. The United Way gave WBA their Bronze Award, which is awarded to companies where em- ployee gifts average $50-$99 per employee. Judicial Advocacy Wisc. Sup. Ct. Hears Oral Argument in Walworth State Bank v.Abbey Springs Condominium Assn. The Wisconsin Supreme Court heard lively oral argument on Nov. 9, 2015 in Walworth State Bank v.Abbey Springs Condominium Association, a case in which WBA submitted an amicus brief. The primary issue before the court was whether a condominium association may legally enforce a policy that forbids new owners of a condo- minium unit, purchased at foreclosure, to use the condominium’s recreational facilities until the previous owner’s delinquent dues and assessments for such facilities are paid up to date. WBA noted that if the case is decided in favor of the association, lenders would be less likely to make condo loans or would increase costs to borrowers to cover the higher risks associated with condo lending. The Court’s opinion is expected in 2016. NEWS require a level of expertise that most individuals outside the industry haven’t acquired. Get Expert Advice Obtaining the services and advice of external experts, such as a broker or lawyer, is crucial for a thorough and successful review of the bank’s cyber-liability and cyber- security insurance coverage. “Because the changes are so fast and furious, you should work with a broker, consultant, or lawyer who knows this area and can help you assess what you need and help you find someone who’s offering it,” Foley said. “Foremost, work with a broker that has expertise in cyber-liability,” Economidis agreed. “After that, attain quotes from key markets and work with your broker to understand the key distinctions between various offerings.” In addition to external expertise, Otteson highly recommends that bank management involve their IT Department when doing carrier reviews and due diligence. “As the climate changes and exposures become greater, a best practice would be for community banks to engage their IT experts regarding their cyber exposures and the policies the bank purchases,” he said. Involving the bank’s IT experts in the insurance assessment may also lead management to better understand which vulnerabilities can be rectified through technical or policy means, and which risks require insurance because they cannot be fully mitigated by the bank. Bank management should ensure that the board of directors understands that they cannot – and should not – assume the bank can handle a data breach internally. “The biggest mistake insured and potential insureds make is assuming that they’re prepared to handle a data breach event,” said Economidis, noting that most institutions have little, if any, experience handling such events and are therefore ill- equipped to do so effectively or efficiently. “Institutions should seek insurers, or other partners, with significant breach experience for assistance with a breach event,” he said. “Every bank should have a written computer incident response and investigation plan that is practiced and updated at least annually.” In short, don’t handle a breach event alone. Seitz is WBA communications coordinator. *View the full 2015 study online at www.netdiligence.com/downloads/ NetDiligence_2015_Cyber_ Claims_Study_093015.pdf. Cyber-Liability (continued from p. 33) “I am very proud of the significant dollars this staff personally donates each year for United Way. It is great to be able to say to our members and to the community that the WBA staff understands the importance of giving back to their community and proves that through the generous donation of their hard-earned dollars,” explained WBA’s Rose Oswald Poels. For more industry updates like these, sign up to receive the WBA Executive Letter ePublication by visiting www.wisbank.com/subscriptions. JUDICIAL ADVOCACY LEGISLATIVE ADVOCACY 34 JANUARY 2016