It’s no surprise to look at the statistics and see that personal information of any kind, from any vertical, is not safe online. Data breaches happen on a near-constant basis, exposing everything from email addresses to passwords to credit card numbers. For banks and other financial institutions, this means that consumer financial information is easily accessed, exposed, and held for ransom.
A recent study claims that there is a new data breach victim every two seconds in the United States, while another study shows that cybercrime as a whole is increasing at an alarming rate, surging by nearly 50 percent from 2017 to 2018. The question isn’t if a data breach will happen, but when it will happen and how banks can respond effectively in order to salvage as much customer information as they can.
How Financial Institutions Should Respond to Data Breaches
So, how do banks respond to these data breaches and what’s the right way to go about responding in order to not make matters worse?
Be Transparent and Upfront
The damage has already been done, so there’s no point in sugarcoating what’s taken place. Customers are caught up in a whirlwind of confusion when data breaches take place, so it’s best to be as straightforward and informative as possible during this process.
Banks need to fully disclose information about the event, as accurately as possible and in a timely manner. It’s much better if news about a cyber event comes from the official channels of a bank or financial institution rather than from outside sources. Banks should inform their staff, customers, suppliers, and any other important contacts who need to know about what has transpired. It’s important to be as informative as possible about what happened and how major the cyberattack was.
Who is in Charge of Communication?
Depending on the size and structure of a bank, this may vary. Some banks will have a risk compliance department in place already, while others may have a data protection officer who handles these problems. Other companies might choose for the news to come straight from the CEO’s office or the in-house public relations department.
Regardless of who’s in charge of relaying the information, it’s important that they have all the necessary facts, including how the bank is responding through investigation and whom it is working with to understand as thoroughly as possible what occurred and how it can be avoided in the future. Communication strategies need to be shared internally with all staff as well as with customers in order to avoid major claims and further loss of confidence.
While being straightforward in relaying information is key, it shouldn’t be mistaken for pared-down information. In fact, simply telling customers that an attack has occurred without any additional information doesn’t do anyone any good. What’s more, customers may feel encouraged to bring negligence claims against banks during this process. Having coverage such as Bankers insurance will help to defend banks and their professionals during litigation, but heeding these notes will also help to avoid major pitfalls and long-winded legal battles.
It’s important for banks to take responsibility and apologize for the breach. Banks should let people know that the company is taking the breach seriously and that they are handling every aspect of it accordingly. Details about the type of data that was lost and how it was lost should be provided, unless prohibited by law. Any steps that need to be taken so this type of incident doesn’t happen again should be discussed as well.
Make and Follow Through on Promises
Again, it’s not a matter of if a breach takes place so much as when one will take place. That being said, banks should have a protocol for handling cyberattacks. One way to rebuild trust in a company is to follow through on the promises that have been made. After information about a breach has been shared, a bank needs to make sure it does what is needed to limit exposures in the future. Besides fixing the issues that led to a breach, a bank will need to act on any additional steps and measures recommended by the people who investigated it.
About Financial Guaranty Insurance Brokers
Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for entities of all types. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (877) 485-4413 to speak with one of our professionals.