Crisis Communication

Plan for Wilmington

Trust

A Detailed Outline of Crisis Response Tactics

Plan Created by: AP Smith

Revised: April 22, 2020

Table of Contents
Confidentiality Statement.....................................................2
Introduction..........................................................................3
Acknowledgements...............................................................4
Background Information.......................................................5
Crisis Management Team......................................................5
Rehearsal Dates....................................................................7
Crisis Control Center.............................................................7
First Action Page...................................................................8
Purpose.................................................................................9
Objectives.............................................................................9
Goals...................................................................................10
Key Publics..........................................................................11
Notifying Key Publics..........................................................12
Crisis Inventory...................................................................14
List of Prodromes................................................................18
Key Messages......................................................................19
Spokesperson Guidelines....................................................20
Media Directory...................................................................21
Media Contact Log...............................................................22
Media Coverage Tracker......................................................23
Relevant Government Agency Websites..............................24
Stakeholder Contact Log.....................................................25
Crisis Plan Evaluation Form.................................................26
Internal Impact Evaluation Form........................................27
Stakeholder Impact Evaluation Form..................................28
Incident Report Form..........................................................29
Sample Press Release.........................................................30
 Confidentiality Statement

The contents of this crisis communication plan are confidential and

are proprietary to Wilmington Trust. Duplication, disclosure, or

distribution of any information enclosed in this plan is strictly

prohibited. Any person in possession of this document that is not an

employee of Wilmington Trust shall cease reading the document

immediately.

2
Introduction

Dear Wilmington Trust Employees,

Wilmington Trust has been in operation since 1903, the core

reasons for that being our organizational commitment to getting better
each day and our capability to learn from past mistakes. This Crisis
Communication Plan has been created to aid us in both of those
endeavors. The purpose of this plan is to create an effective
framework for Wilmington Trust management and employees to refer
to in the event of a crisis. Crisis is inevitable, but the effects of a crisis
can be diminished through detailed planning and understanding of the
plan in the event of its deployment.

Upon receipt of this document, please read through it thoroughly

to understand company crisis policies and to familiarize yourself with
your role in crisis response. A copy should be kept in your desk at all
times. Once you have fully read the document and understood it,
please complete the electronic acknowledgement form on your
company server.

Crisis rehearsals will take place every six months and should be
treated as though the situation is occurring in real life. As a financial
institution, we have a responsibility to our clients to protect their
wealth. We should do everything in our power to make good on our
promises to clients when they choose to invest with us. This crisis plan
will help us keep our word.

Sincerely,

Doris Meister
President of Wilmington Trust

Note: This letter was written by AP Smith as a theoretical representation of

what Ms. Meister might say in her introductory letter. Stuart Smith, a
managing director at Wilmington Trust, assisted with tone and language.

3
Acknowledgements

By signing and dating this document, I acknowledge I have read this crisis

communication plan in full and understand my role in executing the plan in

the event of its deployment.

Doris P. Meister
President Signature Date

Tony Roth
CIO Signature Date

Mike Keane
Chief Operating Officer Signature Date

Donald DiCarlo
Chief Planning Officer Signature Date

William LaFond
Head of Family Wealth Signature Date

Bill Buccella
Head of US Markets Signature Date

Maya Dillon
Director of Corporate Signature Date
Communications

Mike Zabel
Director of Corporate Signature Date
Communications, M&T

Tracy Nickl
National Sales Manager Signature Date

William Farrell
EVP, Institutional Client Signature Date
Services

4
Background Information

Wilmington Trust is a subsidiary of M&T Bank that delivers wealth

services to institutions and corporations. As a member of the M&T
family, Wilmington Trust assists companies in managing their wealth
and investable assets. The Wilmington Trust Company was founded in
1903 and acquired by M&T Bank in May of 2011. The company is
headquartered in Wilmington, Delaware and is led by Doris P. Meister,
the executive vice president of wealth management at M&T and the
head of Wilmington Trust. Overall, M&T is one of the 20 largest
commercial bank holding companies in the United States and its
wealth management branch serves clients in all 50 states as well as
abroad.

Crisis Management Team

Doris P. Meister
President of Wilmington Trust

As President of Wilmington Trust, Doris is the public face of the

company and is equipped to take control in the event of a crisis. She
will oversee the execution of the crisis plan and ensure that rehearsals
are up to par with expectations. She will also be the initiator of the
employee alert system in the event of a crisis. As secondary
spokesperson, she will serve alongside primary spokesperson Maya
Dillon to openly and honestly disseminate information to the public.

Tony Roth
Chief Investment Officer

As Chief Investment Officer at Wilmington Trust, Tony is tasked with

managing employees making key investment decisions. In a crisis,
Wilmington Trust’s investment strategy would likely change or pause
normal operations, therefore Tony’s inclusion on the crisis team is

5
essential to ensure reliability and protection of information. He will be
the primary creator of content that would be disseminated to various
publics by Bill Buccella.

Maya Dillon
Director of Corporate Communications

As Director of Corporate Communications for Wilmington Trust, Maya

will serve as the liaison between the company and the media for the
duration of a crisis. She will be the primary source of information for
the media and will regularly update the public on the situational status
as it develops. Furthermore, as the primary spokesperson in the event
of a crisis, she will be the publicly identifiable face of the company
along with Doris. She will be essential in ensuring an existing crisis is
not magnified by ineffective communication strategy.

Bill Buccella
Head of US Markets

As Head of US Markets at Wilmington Trust, Bill commands the largest

cohort of client facing professionals. In the event that client data was
compromised, his advisement would be crucial in ensuring the least
possible damage to client-investor relations. Being one of Wilmington
Trust’s most recognizable client facing employees, his connections and
expertise require his inclusion on this team.

Mike Zabel
Director of Corporate Communications, M&T

As Director of Corporate Communications for Wilmington Trust’s

parent company M&T Bank, Mike will be invaluable in seamlessly
communicating relevant information to the M&T management team
and any stakeholders in the bank at large. His inclusion on the crisis
team takes the onus off of Maya to take charge of communications
with M&T and allows her to focus her energy outwards while he deals
with internal communication strategies.

6
Rehearsal Dates
All Wilmington Trust employees will be required to participate in
company-wide crisis rehearsals on a biannual basis. The two 2020
crisis rehearsals will be held on: Monday, May 4th and Monday,
November 2nd.

The crisis rehearsals will take place at company headquarters at:

Wilmington Trust
1100 North Market Street
Suite 300
Wilmington, DE 19801

As many Wilmington Trust employees do not work directly out of the

Wilmington office, these employees will participate in rehearsals
remotely via video conference. Future rehearsals will be scheduled on
a biannual basis with specific dates selected at the discretion of Doris
P. Meister.

Crisis Control Center

The crisis control center will be located in company headquarters at:

Wilmington Trust
1100 North Market Street
Suite 300
Wilmington, DE 19801

A conference room at Wilmington Trust headquarters will be

designated as the meeting place in the event of a crisis. The crisis
team will be expected to meet there to enact the initial response to the
plan and will subsequently inform their designated publics of how to
proceed. This will serve as the command center for the duration of the
crisis.

7
First Action Page

Incident Commanders

 Doris P. Meister
 Tony Roth
 Maya Dillon
 Bill Buccella
 Mike Zabel

Spokespeople

Primary Spokesperson: Maya Dillon

Secondary Spokesperson: Doris P. Meister

Crisis Plan Activation

In the event of a crisis, any of the five incident commanders have the
power to declare a situation of crisis and activate the plan. These five
individuals manage different aspects of Wilmington Trust’s operations,
therefore whichever individual manages the department in which the
crisis originated will likely declare the crisis.

If client data is compromised in any way, the situation is a crisis and

calls for the activation of this plan.

If ability to conduct normal company operations in-person is impacted

due to natural disaster, civil unrest, or other factors, activation of the
plan is warranted.

Any financial crisis, either internal or industry-wide, will call for the
activation of this plan. Appropriate updates on the company’s financial
stability and operating status will be provided to clients.

Any instance of workplace violence or sexual harassment calls for

immediate plan activation to address the problem and manage
possible media attention.

8
Purpose

In the event that Wilmington Trust experiences a widespread technical

systems failure or data hack, it is essential that we have a plan in
place to quickly respond and provide support to our stakeholders. The
following plan aims to identify and minimize potential risks and provide
concrete, actionable guidelines for how Wilmington Trust will respond
in the event of a crisis.

Objectives

Wilmington Trust will make every effort to:

 Deploy this crisis plan the moment it becomes evident that a

data breach has occurred
 Determine the point of origin of the breach and isolate that
system as quickly as possible to prevent any further damage
 Communicate openly and honestly with stakeholders whose
data may have been compromised
 Release a statement to the media within 24 hours of the
breach with details of the breach and response tactics
 Expeditiously inform relevant government agencies, including
but not limited to: the OCC, the SEC, The Federal Reserve,
and FINRA
 Circulate regular status updates to internal publics, including
key messages
 Conduct an internal investigation and comply with any third-
party investigations related to the breach

9
Goals
Short-Term Goals

In order to effectively address a future crisis, this plan must be firmly

in place, widely accessible to Wilmington Trust employees, and
consistently practiced. Thus, the short-term goals of this plan are:

 Ensure every employee acknowledges their understanding of

their role in the plan
 Incorporate the plan into staff training and crisis scenario
rehearsals
 Install copies of the plan in a common area of each Wilmington
Trust location and in every employee’s desk

Long-Term Goals

Long-term goals are crucial in crisis management as they provide

actionable objectives to work towards in order to restore Wilmington
Trust to full operational capacity and mitigate reputational and
financial effects of the crisis.

 Provide information to key publics on a regular basis, be

forthcoming with new and relevant findings
 Conduct internal investigations and comply with third-party
investigations; utilize findings to bolster the current crisis plan
and change company practices to reflect understanding of new
information
o Increase data security protocols, strengthen firewalls
 Resume normal operations as quickly and seamlessly as possible
 Evaluate crisis plan efficacy (see evaluation forms)
o Address weaknesses and/or omissions from the plan
o Review strengths of the response strategy

10
Key Publics

Important parties for Wilmington Trust to notify in the event of a crisis

include but are not limited to:

 Management team
 Investors
 Wilmington Trust employees
 Clients
o High net-worth clients (greater than $50 million net
worth)
o US Markets clients ($10-50 million net worth)
o Mass affluent clients (less than $10 million net worth)
 M&T Board of Directors
o Note: Wilmington Trust does not have its own board of
directors independent of M&T: this Board serves as their
Board as well
 Stockholders
 M&T Management team
 Media outlets
 Legal counsel
 Technological support team
 Government agencies
o FINRA
o SEC
o OCC
o Federal Reserve

Note: Depending on the nature of the crisis, not all key publics will
necessarily need to be notified.

11
Notifying Key Publics
In the event of a data breach crisis, Wilmington Trust will need to act
quickly to inform its key publics of the situation at hand. Members of
the crisis management team will each be responsible for different
publics. Notifying all of these publics quickly and concisely of the crisis
will be essential in continuing operations with as little interruption as
possible. A breakdown of this system or failure to inform a relevant
public could magnify the crisis and lead to even worse results. The
assignments of publics and means of notification are outlined below:

Wilmington Trust Employees

All employees of Wilmington Trust will be notified of a crisis by Doris

via the employee alert system installed on every company-issued
device. In the event of a crisis, she will activate the system and send a
data breach alert. Further company communication to employees will
be done using this system.

Investors and Stockholders

Investors and stockholders will be notified of a crisis by Tony via

email. Tony will utilize email lists of each group and notify them that a
data breach has occurred and is being managed by Wilmington Trust
tech support. Pertinent information and relevant content created by
Bill will be disseminated to investors and stockholders in the same
manner.

M&T Board of Directors and Management Team

M&T’s Board of Directors and Management Team will be notified of the

crisis by Bill via email. He will include the language from Doris’
employee alert and inform recipients that he will serve as the primary
communications liaison between Wilmington Trust and M&T. He will
continue to forward employee alerts to this group whenever they are
pertinent.

12
Clients

As the most client-facing member of the crisis team, Bill will be in

charge of notifying Wilmington Trust’s clients of the crisis and
providing them with any updates as they arise. He will mass email
clients via a full-client list. Any client whose data is determined to have
been directly affected will receive an additional email detailing steps
forward and how Wilmington Trust will support them in safeguarding
current investments.

Government Agencies and Legal Counsel

Mike will be in charge of notifying and consulting with government

agency contacts and Wilmington Trust/M&T’s legal counsel. He will
notify the proper agencies by telephone first and send a follow-up
email detailing specifics of the crisis depending on the agency’s area of
operation. Mike will notify legal counsel by phone and email as well,
detailing potential areas of liability for the company and looping them
into the actions being taken to decrease possible future litigation.

Media Outlets

As Wilmington Trust’s Director of Corporate Communications, Maya

will be in charge of notifying the media of a crisis and acting as a
spokesperson for the company. She will craft a press release (see p.
30 for an example) detailing initial information on the crisis and
release it to relevant outlets, first in the local market of the office
where the breach originates and, if necessary, to larger national
outlets. If necessary, Maya will call a press conference to address the
crisis in front of the media and field questions.

Note: As Wilmington Trust holds offices in many cities across the

country, Maya will prioritize notifying the local media outlet in the city
where the data breach originated. However, depending on how
widespread the data breach is, she will be prepared to loop in more
local outlets as necessary.

13
Crisis Inventory
The following information constitutes a detailed analysis of any and all
crises that may occur at Wilmington Trust. The crises are ranked
based on two factors: the likelihood that the crisis will occur and the
impact the crisis would have on organizational operations if it did
occur.

Crisis Risk Assessment

5

0
Natural Disaster Workplace Civil Unrest Financial Crisis Data
Violence/ Breach/Hack
Harassment

Likelihood Impact

LIKELIHOOD

 0: Not at all likely, effectively impossible

 1: Small likelihood of occurrence
 2: Somewhat likely to occur
 3: Likely to occur
 4: Highly likely to occur
 5: Almost guaranteed to occur, may have previously occurred in
the company

IMPACT

 0: No damage to the organization

 1: Minimal damage to organization
 2: Some damage to organization
 3: Considerable damage to organization, likely media coverage
 4: Significant damage to organization, definite media coverage

14
  5: Severe damage to organization, threatens viability of business
moving forward, guaranteed media coverage of the crisis

Natural Disaster (Likelihood 1, Impact 3)

A crisis due to natural disaster would occur if Wilmington Trust were

significantly damaged as a result of a weather event. The likelihood of
Wilmington Trust incurring significant enough damage to call for
suspension of in-person work is low, but the risk does exist. However,
due to the business structure of Wilmington Trust with many
employees working in offices other than the company headquarters,
Wilmington Trust’s remote working capabilities will mitigate some of
the crisis’ effects and allow for long-term remote work if necessary as
a result of any physical damage to the workplace.

Workplace Violence/Harassment (Likelihood 2, Impact 3)

A workplace violence/sexual harassment crisis would arise as a result

of negligence on the part of Wilmington Trust in training and
monitoring employee interaction. Wilmington Trust does not function
like a branch bank with face-to-face customer interaction, so the
violence would likely arise internally and not from an external actor
(ie. an angry customer). The likelihood of an instance of workplace
violence or sexual harassment occurring is relatively low as Wilmington
Trust has installed many barriers to such activity. These include:
extensive anti-harassment and propriety training, glass-walled offices,
and a security system requiring multiple badge presentations to move
from one area of the office to the other.

While the likelihood of such a crisis arising is low, the reputational

damage that Wilmington Trust might incur as a result is significant,
thus there is considerable impact. If an issue of this nature were not
properly addressed, the reputational damage could quickly become
financial and impact day-to-day operations due to loss of clientele or
investor support. However, if dealt with quickly and in accordance with
company protocols, the issue might not reach the media and thus, the
impact would be lessened.

15
Civil Unrest (Likelihood 1, Impact 3)

A crisis due to civil unrest would occur when in-person operational

capabilities were impacted due to riots or protests in cities where
Wilmington Trust has offices. While the likelihood of such an event
occurring to the degree that offices in the immediate area need to
close is low, Wilmington Trust has experienced such an event during
the 2015 riots in Baltimore City following the death of Freddie Gray.
Similar to a response to natural disaster, Wilmington Trust’s remote
working capabilities will mitigate some of the crisis’ effects and allow
for long-term remote work if necessary as a result of any office
closures in cities impacted by civil unrest.

Financial Crisis (Likelihood 1, Impact 4)

A financial crisis would occur when Wilmington Trust’s capital and cash
flow were threatened due to either internal factors or market volatility.
Other crises included in this risk assessment could result in financial
crisis if left unmitigated. The likelihood of such a crisis occurring at
Wilmington Trust in a way that significantly affects business is low,
however Wilmington Trust’s operational capabilities are directly
affected by greater market trends or recession, for example the
recession of 2008. However, because Wilmington Trust is not a big
money center bank and is one of the more conservatively managed
and capitalized banks in the US, the risk of significant financial crisis is
low. The impact of a financial crisis would be incredibly severe,
especially as banks with less conservative investing strategies would
likely default in the event of widespread financial downturn, which in
turn would affect Wilmington Trust. While the likelihood of severe
financial crisis is low, the impact of such a situation would undoubtedly
do damage to operational capabilities and company reputation.

Data Breach/Hack (Likelihood 3, Impact 5)

16
A data breach or hacking crisis would occur when a system within the
Wilmington Trust databased was compromised and client data was
potentially accessed by an external actor. Wilmington Trust employs
extensive security measures to guard against this: multi-layered
access requirements, employee training on phishing and malware
recognition, control on printing, downloading, and forwarding from
outside of office locations, and monitoring computers and phones of all
licensed professionals employed by the company. However, even with
all of these protections in place, Wilmington Trust remains at risk of
hacking as much of their data involves high net-worth individuals and
organizations. Any weakness in security protections will likely be
exposed at some point and lead to a data breach crisis.

The impact of such a crisis would be incredibly high. Any security

breach would require suspension of operations while the origin of the
breach was determined. A data breach would directly affect client data
and could conceivably lead to loss of funds or privacy concerns for a
portion of Wilmington Trust’s clients. This would lead to high degrees
of media attention and likely reputational damage, which could then
result in financial crisis as clients might move their portfolios
elsewhere in fear their money was not secure. The snowball effect of
client data being compromised is significant and if handled incorrectly,
could damage Wilmington Trust’s financial viability for years to come.
It is not a matter of if a data breach will occur, but when. The severity
of the breach is the question. Because of all of these factors, this is the
most salient potential crisis for Wilmington Trust.

In analyzing the likelihoods and impacts of the possible crises that

could occur at Wilmington Trust, it was determined that the likelihood
and impact pairing in this scenario created the most salient crisis.
Thus, the remainder of this crisis plan will focus on a data
breach/hack.

17
List of Prodromes

Crises rarely arise out of thin air and are often preceded by warning
signs, otherwise known as prodromes. Below is a list of prodromes
that might appear in the event of a data breach or hack:

 Technological support team reports suspicious server activity

 An employee reports increased receipt rates of phishing emails
 An employee reports their internet searches are redirecting to
new pages
 An employee reports slower than normal device speeds
 An employee reports computer programs crashing without
apparent cause
 An employee reports their computer is restarting without
apparent cause
 An employee reports persistent pop-ups on their device
 A client reports receiving strange emails from a Wilmington Trust
email account

Understanding these prodromes and their meanings is an essential tool

in preventing a data breach at Wilmington Trust. All employees should
be extensively trained in recognizing these warning signs in order to
decrease the likelihood that a data breach occurs.

18
Key Messages
In the event of a data breach or hack at Wilmington Trust, the first
and foremost priority is to contain the breach and protect client
information. Informing all clients of the data breach and providing
them information about the company’s response to the breach is
essential and needs to occur as soon as possible. Once it is apparent
which clients’ data might have been compromised, those parties need
to be informed of the steps Wilmington Trust is taking to mitigate the
effects of the breach and protect their investments.

Wilmington Trust will announce an internal investigation into the origin

of the breach and affirm full cooperation with any government agency
of third-party investigation deemed necessary by oversight bodies.
Wilmington Trust will restate its commitment to ensuring a safe and
stable investing environment for its clients and its interest in fully
understanding the nature of the breach to ensure it can bolster its
security systems in the future. Finally, Wilmington Trust will explain
that all employees are extensively trained in recognizing hacking
attempts and will continue being trained in response to this crisis.

The key messages should be emphasized in this order:

1. Our primary concern is containing the breach and protecting

client information
2. We take full responsibility for this security breach
3. We have informed all clients of the data breach and how we are
responding in real-time
4. We are in contact with clients whose data was directly affected
and we will do everything in our power to support them
5. We will conduct a thorough internal investigation and cooperate
fully with any third-party government or oversight investigation
6. We are committed to being as transparent as possible in our
dealings with clients and media

19
Spokesperson Guidelines
The primary spokesperson in case of a crisis is Maya Dillon. The
secondary spokesperson is Doris P. Meister. Outlined below are a
general set of guidelines for communicating with the media during a
crisis:

What to Do

 Stick to key messages

 Provide a baseline of facts in any communication with the media
 Remain accessible for follow-ups
 Tell the truth in the most complete form possible
 Utilize existing media connections
 Treat all media organizations equally, don’t favor organizations
that have positively covered you in the past
 Monitor media for negative stories, address any mistruths in
news coverage to dispel rumors
 Be organic, don’t parrot back organizational messaging to the
degree that you sound robotic

What Not to Do

 Never respond with “no comment”

 Never release information to the public without confirmation of
its truth (to the best of your current knowledge)
 Never promise something you cannot follow through on
o Example: customers affected by the data breach will all be
refunded a portion of their investor acquisition fees
 Never shift blame in an attempt to escape responsibility: own
organizational mistakes
 Never use complex organizational/industry jargon, keep media
communications in language that the general public will
understand

20
Media Directory
Local Market: Buffalo Local Market: Baltimore
Matt Glynn: Banking and Finance Meredith Cohn: Business and
Reporter Health News Reporter
The Buffalo News The Baltimore Sun
One News Plaza 300 E. Cromwell St.
Buffalo, NY 14240 Baltimore, MD 21230
(716) 842-1111 (410) 332-6480
mglynn@buffnews.com meredith.cohn@baltsun.com

Local Market: DC Local Market: Philadelphia

Zachary Goldfarb: Deputy Catherine Dunn: Business and
Business Editor Power Reporter
The Washington Post The Philadelphia Inquirer
1301 K St. NW 801 Market St., Suite 300
Washington, DC 20071 Philadelphia, PA 19107
(202) 334-6242 (215) 854-5103
Zachary.goldfarb@washpost.com CDunn@inquirer.com

Local Market: New York Local Market: Wilmington

Michael Corkery: Finance Isabel Hughes: Breaking News
Reporter Reporter
The New York Times The News Journal
620 8th Ave #1 950 West Basin Road
New York, NY 10018 New Castle, DE 19720
(800) 698-4637 (302) 324-2679
Michael.Corkery@nytimes.com ihughes@delawareonline.com

Local Market: Boston Local Market: Los Angeles

Hiawatha Bray: Business Laurence Darmiento: Business
Technology Reporter and Wealth Reporter
The Boston Globe The Los Angeles Times
1 Exchange Place 2300 E. Imperial Highway
Boston, MA 02109 El Segundo, CA 90245
(617) 929-3119 (213) 283-2274
h_bray@globe.com laurence.darmiento@latimes.com

21
Media Contact Log

Name Date Time Reason for Follow-

Contact up/Response

Note: All Wilmington Trust employees have this document at their disposal in
electronic form and should utilize it in that form. This serves simply as an
example and a hard-copy backup.

22
 Media Coverage Tracker

Outlet Name Date of Story Headline Tone of Quote? Y/N

Story

Note: All Wilmington Trust employees have this document at their disposal in
electronic form and should utilize it in that form. This serves simply as an
example and a hard-copy backup.

23
Relevant Government Agency Websites
 Office of the Comptroller of the Currency (OCC)

o Website: https://www.occ.treas.gov/

 U.S. Securities and Exchange Commission (SEC)

o Website: https://www.sec.gov/

 Financial Industry Regulatory Authority (FINRA)

o Website: https://www.finra.org/#/

 Federal Reserve System

o Website: https://www.federalreserve.gov/

24
Stakeholder Contact Log

Name Date Time Reason for Follow-

Contact up/Response

Note: All Wilmington Trust employees have this document at their disposal in
electronic form and should utilize it in that form. This serves simply as an
example and a hard-copy backup.

25
Crisis Plan Evaluation Form
After the crisis has been properly dealt with, please evaluate the crisis
management that occurred using this form. This form should be
disseminated to all team members.

1. On a scale of 1-10, how effective was this CCP in aiding the crisis
management team in their efforts to handle the crisis?

2. What were the strengths of this CCP?

3. What were the weaknesses of this CCP?

4. Did anything arise during the crisis that you felt should have
been planned for in this CCP, but wasn’t?

5. How effective of a resource was this CCP on the whole, on a

scale of 1-10?

6. How can this crisis plan be improved?

26
Internal Impact Evaluation Form
After the crisis has been properly dealt with, please evaluate the
impact of the crisis on both internal and external operations. This form
should be disseminated to every Wilmington Trust employee.

1. On a scale of 1-10, how would you rank this crisis in terms of its
severity?

2. Do you feel you were informed well enough and often enough of
pertinent updates to the crisis situation?

3. Did you feel that your ability to conduct business as usual was
impacted by this crisis? How?

4. Do you feel that the crisis management team acted effectively in

mitigating the effects of this crisis?

5. Do you feel that this crisis has had a significant negative effect
on Wilmington Trust’s reputation?

6. Do you believe Wilmington Trust will be able to bounce back

from this crisis?

7. Do you believe Wilmington Trust maintained clients’ trust

through its communication during the crisis?

27
 Stakeholder Impact Evaluation Form
After the crisis has been properly dealt with, this form will be
distributed to stakeholders and key publics in the form of an online
survey through their Wilmington Trust accounts.

Friends of Wilmington Trust,

As you know, we recently experienced a data breach in our systems, and we

know you have been anxious for the problem to be resolved. We are pleased to
inform you that the breach has been contained and Wilmington Trust is back at
full operating capacity. But there is much more to be done.

In order to ensure something like this never happens again, Wilmington Trust is
asking stakeholders and employees alike to assess our performance: in your
opinion, how did we do?

We’re asking you to fill out this brief questionnaire and give us your thoughts. If
you’re pleased with our handling of the situation, let us know. If there are things
you wish we’d done better, we’d love to hear them.

Thank you for standing by us throughout this experience. We promise you, it’s
going to make us better in the long run.

Sincerely,

The Wilmington Trust Team

Questions:

1. How would you rate Wilmington Trust’s performance in this

crisis?
2. When were you made aware that a data breach had occurred at
Wilmington Trust, and through what channel?
3. Did you feel supported through the duration of this crisis? Why
of why not?

28
 4. Will you continue your relationship with Wilmington Trust
following the conclusion of this crisis?

Incident Report Form

This form should be completed by a crisis team member at first
opportunity following the declaration of a crisis.

On what day and at what approximate time was the breach first
apparent?

On which system was the data breach first discovered?

Who was the first member of the crisis team notified? What was the
chain of communication utilized to notify the team member of a
breach?

When was each crisis team member notified of a breach? How long did
this notification process take?

How long after it was clear a data breach occurred was the crisis plan
activated?

Was the crisis plan followed upon its deployment? How well? What
factors impacted the ability to effectively utilize the plan?

29
Sample Press Release
FOR IMMEDIATE RELEASE

Contact:
Maya Dillon
(646) 735-1958
mdillon@wilmingtontrust.com

HEADLINE: Wilmington Trust Investigating System Data Breach

(INSERT RELEVANT LOCAL MARKET) (DATE) – Wilmington Trust

experienced an online data breach today and is working to determine
the point of origin within their systems.

The data breach was initially reported at (TIME/DATE) in the

(LOCATION) office. A team has been mobilized to notify clients
whose data was potentially affected by the breach, as well as relevant
government agencies and other stakeholders.

Wilmington Trust temporarily suspended operations while the breach

was contained and has informed employees of the breach’s nature to
prevent further damage.

SAMPLE QUOTE: “Wilmington Trust is committed to expeditiously

determining the origin of this breach and bolstering our security
systems to ensure nothing of this nature occurs again,” said Director
of Corporate Communications Maya Dillon. “Above all else, we want to
ensure our clients that the safety of their investments and personal
information is our greatest concern.”

Wilmington Trust will conduct an internal investigation and comply

with any third-party investigation that occurs. Findings will be released
at http://news.wilmingtontrust.com/.

30
###

For more information or with media inquiries, please contact Maya

Dillon at mdillon@wilmingtontrust.com.

31