Data Breach Losses Adding Up: Onsite Coverage
SAN FRANCISCO – Credit unions face reputation damage, increased operational costs, lost revenue, lawsuits and regulatory scrutiny in the event of a security breach, according to Jay Isaacson, director of Product Management for Credit Union Protection at CUNA Mutual Group.
He said during a session Wednesday at America’s Credit Union Conference that credit union data-related loss has occurred in fraudulent remote funds transfers.
“We’ve seen losses as much as seven figures in this area,” Isaacson said.
Fraudulent loans and online banking transactions have also caused major losses.
In 2013, 63,437 known cyber incidents occurred, caused mostly by hacking and malware, according to the Verizon 2014 Data Breach Investigation Report.
“Network security is only as strong as the weakest link. You may have an air-tight data system, but if a third-party provider you use is lax, or a laptop containing confidential data goes missing, your credit union is at risk,” he said.
Isaacson recommended a series of steps credit unions should take to avoid harmful consequences, including employee training, educating members and executing an incident response plan.
“It’s not enough to have a plan, you have to test the plan too,” he said.
The NCUA said cybersecurity would be included in examinations.
“In response to this growing threat, NCUA examinations in 2014 will include an assessment of a credit union’s ability to assess and mitigate cybersecurity risks and respond to cybersecurity incidents,” read the NCUA’s annual report for 2013.
If a credit union does not have the expertise to deal with cyber security breaches, Isaacson suggested assembling a data security incident response team and naming a chief security officer.
Credit unions can also protect themselves from the negative effects of security breaches with cyber liability insurance.
Isaacson said a sufficient cyber liability policy includes liability coverage for protection against lawsuits and expense coverage for managing and mitigating a security breach.