Credit Unions Should Review Exposure to Data Breach Risks

By Ken Otsuka

The risk of a data breach is equal to or greater than the risk of natural disasters, business interruption, fires, and similar insurable risks, according to 76 percent of the employees involved in business risk management surveyed by the Ponemon Institute. The institute’s August 2013 research report also notes that 56 percent of the organizations surveyed had been victims of a data breach within the previous two years.

Your credit union’s bond policy and other insurance policies may cover certain types of losses associated with a data breach. But if you don’t have a policy specifically dedicated to the growing array of data breach risks, you need to review your overall exposure to these risks.

Basic Elements of Cyber Crime Insurance

Security Breach Liability: The most basic element of a cyber liability policy helps protect your credit union against liability for damages caused by a security breach. For example, your employee’s laptop containing members’ account data is stolen, or your network is hacked by a criminal who steals credit card information. A court may award damages to other financial institutions that sue your credit union for negligence, such as faulty data security. If your credit union is responsible for theft of credit card numbers and CVV codes, the card provider may sue for the expense of notifying your members, blocking and re-issuing cards, etc.

Programming errors and omissions liability: If members sue your credit union for an error that publicly discloses their private financial information.

Public relations expense: For professional PR help in correcting misinformation and in mitigating damage to your credit union’s reputation among your members and the community at large.

Security breach expense: Such as hiring a forensic auditor to determine the extent of the breach, notifying affected members, handling members’ enquiries, etc.

Website publishing liability: Especially important for credit unions that host social networking programs such as Facebook on their website. Defamation of competitors is a typical risk, if users post negative comments about other financial institutions.

A variety of coverages beyond these basics are available to protect your credit union from the potentially catastrophic losses caused by data breaches.

Network Security Tactics

Insurance is critical, but perhaps your best protection is an annual, thorough review of your network security. Consider these prevention tactics:

Protect data in storage and during processing

Encrypt confidential member data (PII – personally identifiable information):

  • Residing anywhere on your network.
  • Residing in mobile devices, laptops, external storage media such as backup drives, etc.
  • Transmitted over the internet.

Establish a policy for acceptable use of internet/email

  • Reduces the risk of infecting workstation computers/credit union network with malware, viruses, etc.

Protect against employees seeking to steal confidential member data

  • Lockdown USB ports and CD ROM drives on workstation computers.

Educate employees to reduce errors

  • Instruct employees how to dispose of anything containing PII, such as old tape drives, disk drives, etc. Include proper disposal for paper records containing confidential member data.

Establish and continually update IT controls, including:

  • Firewalls
  • Antivirus protection
  • Intrusion detection system
  • Operating patches
  • Vulnerability assessments
  • Penetration testing
  • Anti-spam protection
  • Encryption solution

The ability to protect members’ PII, paired with cyber liability insurance, will help minimize potential threats to financial, legal (compliance), and reputation risk in the event of a data breach.

Ken Otsuka is a senior risk management consultant for CUNA Mutual Group. You can reach him at


Strategic Link is the NWCUA’s wholly-owned service corporation, using the power of aggregation to provide the Association’s member credit unions with exclusive high-quality, competitively-priced products and discounted services. Contact Director of Strategic Partnerships Craig Reed today to find out how Strategic Link can help your credit union save money while meeting its goals in 2013 and beyond:

Posted in Article Post.