Subscribe

Industry expertise | August 2024 Prepare your association to respond to a cyberattack

Learn how to develop and implement an incident response plan to mitigate the risk to your association and its members.

Cyberattacks are becoming more common, with sizable losses for victim organizations. The FBI fielded over 880K cybercrime reports in 2023, but an estimated 80% of all such crimes go unreported. Even so, the relatively small fraction of cybercrimes that Americans reported in 2023 represent over $12.5 billion in potential losses—22% more than in 2022.Disclosure 1

Besides financial damage, your association could suffer operational disruption and loss of data if hackers break through your defenses, exposing homeowners and staff to long-term risk of fraud and identity theft. In this escalated threat environment, planning for how to handle a cyberattack is an important component of your association’s overall risk management strategy.

Beyond financial losses, the impact of a cyberattack can include operational disruptions, legal repercussions, and reputational damage.

Plan for an attack.

Prevention is important, but when one careless click can unleash an attack, it’s impossible to stop all attacks. Detailed planning for a potential event helps you prepare and respond more quickly and effectively if your association does experience a cyberattack. It’s worth the time and effort to think through appropriate actions, necessary resources, and possible barriers you could face should hackers break through your defenses.

Designate an incident response team to develop and maintain a comprehensive response plan. In addition to IT staff, your team should include senior managers, key operational employees, and even board members. Keep a copy of your plan offline—a cyberattack could lock you out of your systems.

Establish relationships with external resources and experts. Know who you’ll call for specialized knowledge and advice if you have a problem. That could include a cyber incident response firm, data forensics experts, data privacy legal counsel, the association’s cyber insurance broker, and communications/public relations professionals.

Assess the plan periodically under various incident scenarios. Conduct cyber-attack drills for team members to practice their response steps, improve familiarity with how the response unfolds, and identify potential problems. This kind of “dry run” can reduce stress levels and improve the speed and performance of implementing your plan during an actual event. 

Understand your incident to-do list.

After an attack, every minute counts. Stay calm and react quickly but methodically, using this checklist as a general guide.

Activate your incident response team. Make sure that everyone designated with oversight duties knows their role. Inform board members of the attack and the appropriate responses taken.

  • Consult your insurance broker to discuss insurance policy incident notification requirements. Your insurance broker can work with your cyber insurance carrier to outline the appropriate first steps and the optimal process to engage carrier-approved vendors. This ensures you’ll have the right resources charging the right rates and that you’re adhering to your insurer's terms and conditions, so you receive your full policy benefits.
  • Engage your legal team. Involve approved breach counsel at the onset to determine appropriate actions that fulfill legal obligations, manage potential liabilities, and prepare for the possibility of future litigation or regulatory investigation.

Conduct a thorough damage assessment and implement the appropriate response plan.

  • Identify the threat and try to isolate affected systems to prevent further damage. Resolve the vulnerability that allowed the incident, if possible.
  • Preserve and document evidence related to the incident. In your haste to restore data, take care not to destroy evidence that could help law enforcement identify the attackers or be used in their prosecution.
  • Address the most urgent priorities. Mitigate the impact of the incident, repair systems, restore data, and strengthen security.

Work closely with your forensic investigation firm and other incident response experts. If necessary, assist with the negotiation process and prepare for secure and lawful extortion payment. Provide support to restore full operational status across the organization.

  • Report the incident to appropriate law enforcement and regulatory agencies. They may be able to assist in the investigation.

Contact your bank if your account has been compromised.

  • Report the fraudulent incident to your bank’s fraud response unit.
  • Work with your bank to try to recoup funds.

Craft your communications plan.

  • Talk to an insurer-approved public relations and communications team about the best ways to communicate about the incident with your staff, homeowners, and other public-facing audiences.
  • Verify and comply with legal requirements to notify those affected by the incident and offer credit monitoring and/or identity theft restoration services as approved by your insurer and advised by your breach counsel.

Be ready if a cybercriminal strikes.

Learn how to respond after a cyberattack. Truist Association Services has a team with more than 35 years of experience dedicated to homeowner and community associations. We can help you plan for and respond to cyberattacks and other threats that put your association at risk. Call us at 888-722-6669, or visit Truist.com/AssociationServices.

Purple PaperSM Digital Transformation

Learn how you can put advanced technology to work for your business.
Download the Purple Paper (PDF)

Trending Articles

Associations face the rising threat of fraud and cyberattack

Financing designed for your association

Property managers lean on their financial partners

Learn more about Truist Association Services

Related resources

Association Services

(Video) Standing for better: Truist Association Services

Association Services

(Video) Payment options with Truist Association Services

Association Services

(Video) Better financing with Truist Association Services

Stay informed and get connected

Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

Helpful links

Business Insights
Truist Business Lifecycle Advisory
Business Resource Center

Connect with Truist Association Services

Talk to your Truist Association Services relationship manager about how Truist can help meet your financial needs. To learn more, contact us at 888-722-6669 or visit us at Truist.com/AssociationServices.

Sign up for monthly articles on Business Insights

Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

Please enter a first name
Please enter a last name
Please enter a valid email address
Please enter a company name
I'm also interested in: Please select a campaign option
Component ID : "accordionGridLayout-1396148670"
Model : "disclaimer"
Position : "left"

Disclosure 1 Internet Crime Report 2023, Federal Bureau of Investigation, 2024.

 

Disclosures

Truist Bank, Member FDIC. © 2025 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

Equal Housing Lender

Investment and Insurance Products:

  • Are Not FDIC or any other Government Agency Insured
  • Are Not Bank Guaranteed
  • May Lose Value

TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

"Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers phone support in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages, please speak to a representative directly.

New York City residents:

Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

The Consumer Finance Protection Bureau (CFPB) also provides additional resources for homeowners seeking payment assistance in select languages at: https://www.consumerfinance.gov/housing/housing-insecurity/help-for-homeowners/

Site footer

Footer Navigation

Banking products
About Truist
Resources
Support

© 2025, Truist. All Rights Reserved.