Evolving Technology, Changing Regulations, Challenge Credit Union Preparation
MADISON, WI (October 15, 2014) -- With recent high profile data breaches occurring this year, organizations are experiencing an entirely new risk level of data theft and security. At this year’s Discovery Conference, CUNA Mutual Group’s Jay Morgan and Beazley Group’s Katherine Keefe discussed how these major data breaches offer a harsh reminder that credit unions are not immune to this growing risk.
Morgan, director of Product Management at CUNA Mutual Group, said the explosion of mobile devices and technology advances have significantly increased this risk, especially in financial services industries. In 2013, cyber risk incidents totaled more than 61,000, of which more than 800 were with financial services organizations.
“You work hard to earn the trust of your members, and every cyber incident attempts to erode that trust,” said Morgan. “The potential loss or impact to a credit union ranges from hard costs in revenue, legal fees, IT and operations to significant losses in customer loyalty, brand reputation, and employee morale.”
The average total cost of a data breach today is approximately $3.5 million, with the average cost of customer notification reaching almost $510,000.
Due to the significant costs associated with a data breach, there is a growing interest among organizations to shift certain costs by transferring risk through a cyber liability insurance policy.
“When you consider cyber liability insurance policies and the companies that offer them, credit unions also need to consider the tools and resources available to help you recover from a data breach,” Morgan said. “All too often we find most organizations just don’t know where to start when they suffer a breach.”
Keefe, head of breach response services at Beazley, offered more insight into cyber risks specific to credit unions. According to Beazley, 31 percent of all credit union security and data breaches occurred as unintended disclosure, with an increased rise in malware activity.
“There is an uptick in social engineering with increased sophistication to target senior executives with very realistic emails from trade associations they belong to,” said Keefe. She further explains lost or stolen laptops and mobile devices continue to raise concern because organizations are not doing enough to improve encryption with these devices.
To add further complexity to cyber risk, all financial institutions are required to adhere to certain breach notification requirements specific to investigation and member notification.
“State regulators are taking more action regarding customer notification adding to the complexity of this ever-changing regulatory environment,” adds Keefe. “Considering the significant losses, it is important for credit unions to seek experienced insurance partners who have expertise in this area.”
Keefe offered several recommendations to help lessen a credit union’s cyber exposure:
- Develop a written incident response plan. It can help answer what happened, why it happened, and how your credit union will prevent future events and protect members.
- Assemble an incident response team before a breach occurs. It should be a cross-functional, multi-disciplined team that includes representatives from IT, human resources, legal, risk, public relations, compliance, and executive management.
- Seek out resources and experienced firms that can provide expertise and guidance to manage the data breach notification process. Cyber data breach mitigation is complex and ever-changing, and it’s difficult for organizations to stay current with trends, risks and new regulations.
“Most organizations don’t have the internal resources to stay up to date. Therefore, align yourselves with resources and information to help you avail yourself from these increasing risks.” She suggests one place to start is to frequent the many legal blogs written by privacy firms.
The Discovery Conference is an annual conference sponsored by CUNA Mutual Group that attracts a national and international credit union audience of more than 1,300. This virtual, no-cost event helps credit unions remain relevant to members, manage compliance risk and drive growth. Attendees view sessions, ask questions, visit booths and network with peers from the comfort of a computer without expense or time away from the office.
CUNA Mutual Group was founded in 1935 by credit union pioneers, and our commitment to their vision continues today. We offer insurance and protection for credit unions, employees and members; lending solutions and marketing programs; TruStageTM-branded consumer insurance products; and investment and retirement services to help our customers succeed. More information is available on the company’s website at www.cunamutual.com.
CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Life, accident, health and annuity insurance products are issued by CMFG Life Insurance Company. Property and casualty insurance products are issued by CUMIS Insurance Society, Inc. Each insurer is solely responsible for the financial obligations under the policies and contracts it issues. Corporate headquarters are located in Madison, Wis.
Photo caption: CUNA Mutual Group’s Jay Morgan, right and moderator Phil Tschudy, address cyber security questions during the Discovery Conference, Wednesday.