Pub. 13 2022 I Issue 1 Spring 31 West Virginia Banker Advertiser Index ATM Solutions...................................................................23 Baker Group.................................................................... IFC Baker Tilly.........................................................................IBC Bankers Bank of Kentucky...............................................34 Bowles Rice......................................................................... 3 TheGreenbrier..................................................................22 Spilman Thomas & Battle.......................................... OBC S.R. Snodgrass...................................................................17 Suttle & Stalnaker..............................................................7 WVBA Insurance Group.................................................33 YHB..................................................................................16 Mark Mangano is counsel with Jackson Kelly PLLC. Mark is a former bank CEO with over twenty-five years of leading a financial institution and ensuring regulatory compliance. Mark’s practice focuses on banking regulatory issues, mergers and acquisitions, strategic planning consulting, and corporate governance advising. You can contact Mark at Mark.mangano@jacksonkelly.com or 304-284-4104. • Prioritize the incident for further action; • Notify appropriate parties; • Choose a containment strategy; • Gather and preserve evidence; • Eradicate the threat; • Recover systems, and; • Conduct a post-activity assessment. Without advanced planning, the computer-security incident response process can be far too complex to accomplish. In addition, there are potentially significant costs associated with incident response, including third-party vendor costs, lost productivity, ransomware demands, and business interruption. Cyber-insurance is an increasingly necessary risk mitigation tool that should be integrated into the computer-security incident response plan. Cyber-insurance policies are complex contracts that do not generally follow a standardized form. The terms should be negotiated in the context of the bank’s overall incident response plan. The computer-security risk environment suggests that even with robust prevention measures in place, banks are exposed to the potential for computer-security incidents requiring rapid, costly, and coordinated action. With proper planning, clearly understood and documented roles and responsibilities among vendors, and appropriate insurance, banks can substantially mitigate the potential disruption stemming from computer-security incidents. 1 “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers”, 86 FR 66424, (November 23, 2021).
RkJQdWJsaXNoZXIy MTIyNDg2OA==