Cyber Loss Control Resources

Mobile App Developer Agreements

BakerHostetler Brief by Partner Alan Fried, BakerHostetler

Consumers are now more likely to use their phones than a computer to go online. Accordingly, mobile apps are no longer just for streaming media, playing games and social media. Retailers, transportation companies, healthcare providers and almost any company that engages with consumers needs a mobile app. Like other important IT vendor engagements, the RFP, scoping and contracting process for developing and operating a mobile app, whether it is a wholly custom application or a white label software-as-a-service solution, is crucial to establish the schedule and deliverables, the parties’ responsibilities, dependencies, who owns and can do what with the IP and data, how risk is apportioned and the company’s rights and remedies if the relationship sours or ends

Continue Reading

The Growing Threat of Ransomware

By M. Scott Koller, Attorney and member of BakerHostetler's Privacy and Data Protection Team

More than just a nuisance, ransomware has become a legitimate threat to business operations and continuity.

The FFIEC eerily foreshadowed the meteoric rise of ransomware in November, 2015. In the first three months of 2016 alone, the FBI estimates that cyber criminals have collected over $209 million from businesses, hospitals, and other institutions. If that rate continues, ransomware is on track to become a billion-dollar criminal enterprise. Moreover, that figure only represents reported losses and does not include unreported incidents or tangential costs such as system downtime, reputational damage and remediation efforts. The true magnitude is likely much larger.

Continue Reading

Cyber Crime 101: Some Basics

An overview of popular cyber crime techniques and types as well as a bank's responsibilities in case of a breach.

View infographic


BakerHostetler 2018 Data Security Incident Response Report 

Press Release. The full 2018 BakerHostetler Data Security Incident Response Report can be found here. The report, produced by the Privacy and Data Protection team at BakerHostetler, The 2018 Report contains statistics and insights based on more than 560 data security incidents managed by the firm in 2017.

More Information


Third Party Risk Management-An important part of your bank's overall risk management program

Include "Third Party Risk Management" in your bank's overall Risk Management Program, weaving in third party considerations into all applicable parts of your program.

View infographic


Encryption Prescription: What is encryption and why should your bank have it?

By Lisa Micciche, ABA Insurance Services

If your bank stores sensitive data or has an online presence, you should be utilizing encryption to keep your data and your customers' data safe.

View infographic


Breaking Down the Cost of a Data Breach

By Lisa Micciche, ABA Insurance Services

How much cyber insurance will adequately cover your bank's needs? The biggest challenge is calculating the potential cost of a security incident.

View infographic


The Top 5 Cybersecurity Risks for Banks

By Lisa D. Traina, CPA/CITP, CGMA

My company does information technology security reviews for organizations. No matter what type of entity they are or what industry they are in, a first-time review of their IT defenses usually reveals 40 or more security holes that need to be patched.  Because banks have been encouraged by regulators for several years to focus on IT security, they tend to have better security measures in place than other industries, but they are not immune to the cyber risks nor are their customers.

So what can you do to protect your institution and your customers? The first thing is to understand the problem. To help with that, here are the top five cybersecurity risks all organizations face.

Continue Reading

Risks of Social Media

By Lisa Micciche, Product Manager, ABA Insurance Services

All standard trade, consumer, copyright, and defamation laws that apply in our 3-D life also apply to the internet. Be aware, however, that there are additional legal concerns specific to social media marketing. Here is a brief rundown of a few of them.

Continue Reading

24/7 Breach Hotline
Available to Cyber and IBL insureds only

Please Note: The Breach Hotline is an advisory helpline managed by BakerHostetler. Calling the Breach Hotline does not constitute or replace filing an insurance claim with ABA Insurance Services. To file an insurance claim, contact ABA Insurance Services at 800-274-5222 or
More information is available at

ABA Insurance Services has partnered with BakerHostetler, one of the nation's leading law firms, to offer a data breach hotline devoted exclusively to program insureds. The hotline provides 24/7 access to an experienced breach coach in the event of an actual or suspected breach.

If you choose to engage BakerHostetler beyond the free consultation, their experts will help navigate you through your breach crisis with a multi-disciplinary team of privacy attorneys, network security experts and crisis communications specialists.

Incident Response Action Items

NEW!! COVID-19: Cybercrime Opportunities and Law Enforcement Response (

Data Privacy Monitor (BakerHostetler blog)

Interactive Map: State Data Breach Notification Laws (BakerHostetler)

Cybersecurity: Data, Statistics, and Glossaries (

BakerHostetler's 2019 Data Security Incident Response Report

BakerHostetler Brief: Mobile App Developer Agreements

Industry Infographics

ABA's Phishing: Don't Take The Bait

ABA's Tips for Avoiding Ransomware
(ABA Banking Journal)

How Banks Authenticate Digital Transactions
(ABA Banking Journal)

Mobile payments are slow to catch on
(ABA Banking Journal)

Typical card cracking scenario (ABA)

How tokenization is used to protect against fraud (ABA)

ABA Survey: cyber insurance options banks choose (ABA Banking Journal/ABA)