John Podvin in Cyber Attacks: The Three Most Important Steps a Board Can Take


Bank Director asked legal experts to address a question that is top-of-mind in bank boardrooms lately: cyber security. What really is the role of the board in overseeing this potential threat? Big banks are getting hit with denial-of-service attacks that are taking down their web sites for hours. Even smaller banks are getting reports of constant attempts to hijack their online security. It seems time to address that question.

What are the three most important steps that banks should take to protect themselves from cyber attacks?

First, the board of directors must be well informed as to the risks of cyber attacks, the mitigating steps taken by the bank to address the risks, and very importantly, the results of any testing performed on the controls that the bank deployed. Second, the board must make sure that qualified management is in place with the appropriate level of competence, staffing and resources to address the ever-evolving risks of cyber attacks. Finally, the board should study all the enterprise’s insurance policies to make sure that there is in place insurance coverage and/or riders to protect the enterprise (this includes the holding company and all affiliates and subsidiaries) if it becomes the victim of a cyber attack.
John Podvin, Haynes Boone, LLP

Excerpted from, May 9, 2013. To view full article, click here.

Related Practices

Email Disclaimer