Ready to Respond


Helping community banks prepare complete cyberbreach response plans

By Vanessa Drucker

successful cyberattack is a rare event at community banks, but can be potentially serious and fast-moving if it occurs. So it was an out-of-state trip that prompted Dwayne Aberle to recognize the need to more fully prepare his community bank to respond effectively in the event of a cyberbreach. The president and CEO of the $400 million-asset Security State Bank in Centralia, Wash., Aberle wondered how well his colleagues would be prepared to react to a possible cyberbreach if he were away from the office.

He says he wanted to be sure they could respond quickly and effectively, even if he wasn’t close by. Thus, the Community Bankers of Washington (CBW) developed the Community Bank Incident Response Program. The program is an initiative that Aberle, a CBW board member, launched with Tom Schauer, a computer-network security expert and associate member of CBW, to help community banks review and hone their incident response plans in case their systems are penetrated by a cyberattack.

As a $5,000 package, the CBW program offers eight hours of consultation, with those services customized to each bank to develop a complete and fully actionable response plan. The program addresses the legal aspects of responding to a breach as well as the external public relations and communications that would need to be engaged. Also covered are questions regarding bank cyber-insurance, as well as the computing forensics involved with identifying cyberattacks.

The resulting document ensures a bank has a complete and updated incident response plan, says John Collins, CBW’s president and executive director. For instance, under each of the 47 different state data breach notification statutes, any bank affected by a data breach must notify its customers as quickly as possible, under some statutes no later than 30 to 45 days after the incident.

In some jurisdictions, a bank must also notify certain regulatory authorities and follow certain notification requirements regarding format and content. On the insurance front, the program explains the types of cyberinsurance coverage available to cover a bank’s potential legal liabilities, as well as coverage triggers and types of data loss and remediation costs covered.

So far, CBW’s program is available to community banks in Oregon, Idaho and Washington, and the association is holding discussions to make the program accessible to community banks in California. Collins says a key component of a well-prepared cyberbreach response plan is to identify the individual members of an incident response team. Such a team typically includes the president, chief financial officer, chief compliance officer, chief information officer, auditor, marketing officer or senior human resources director. Outside members of the team might include professionals from legal, IT and public relations firms.

Once a response team’s members know their respective roles, a tabletop simulation exercise can be carried out to test the response plan, to be later followed by a real-time simulation. As rules and regulations change and evolve, it remains important to update the plan on an annual or biannual basis.

Vanessa Drucker is a writer in New York.

Cyber-Response Resources

Information security has become a universal language. Various industries and sectors are regulated by different entities, but all computer operations face similar threats. The following list offers some links to useful information security resources.

Community Bank of Washington. The Community Bank Incident Response Program is available at

Community Banker University. ICBA’s education program offers a range of cyberbreach education resources for employes at community banks as well as for retail and business customers. Those resrouces include online courses for bank staff members and several audio conferences and webinars.

ICBA also offers cybersecurity awareness materials to educate commercial customers about corporate account takeovers.
Find the resources online at

Ready to Respond

Regulators and cybersecurity experts identify these elements of a complete cybersecurity incident response program.

  1. Have a copy of all your bank’s insurance policies available.
  2. Know your bank’s policy triggers and limits.
  3. Know whom to call to report a claim.
  4. Develop an incident response plan.
  5. Identify members for an instant response team.
  6. Create an inventory of systems and data and determine their criticality.
  7. Identify all vulnerabilities and threats to systems and data.
  8. Conduct tabletop exercises to test the response plan in an informal setting.
  9. Carry out penetration testing on computer systems, networks and Web applications to discover any vulnerabilities.
  10. Conduct real-time simulation tests.
  11. Train employees and convey awareness of cyber-risks.
  12. Regularly review all controls, policies and response plan.

—Vanessa Drucker