ALEXANDRIA, Va. (5/21/15)--Sobering statistics on cybercrime combined with a vast array of resources to combat it highlighted a National Credit Union Administration webinar held Wednesday.
According to a study of cybercrime claims conducted by Netdiligence, the average cost per data record exposed was $956.21 in 2014. The median number of records lost in 2014 during a breach was 3,500, which means the average breach cost the company more than $3.3 million.
In 2014, the average payout for a cybersecurity insurance claim was $733,109, the average cost for crisis services was $366,484 and the average cost for legal defense was $698,797.
These numbers make it essential for credit unions to ensure they have a robust data security protocol in place to protect information, but also to be notified of any breach as soon as possible.
Chris Gill, a risk management consultant for CUNA Mutual Group, said during the presentation that there are a number of external and internal ways systems can be breached. Hacking is the most frequent cause of loss, at 30% of instances in 2014, but inside involvement was involved in 32% of data breach claims that year.
“The most secure credit unions are making a greater investment in people, as they learn that managing what goes through the network realty is a full-time job given the regularity with which hackers can get through perimeter defenses,” he said. “Continuous monitoring provides that extra layer of security and helps us to remain vigilant when preventive measures fail.”
Of those in attendance, 52.7% of credit unions said they had an developed a cybersecurity policy, 39.8% said they had not (the remaining 7.4% were not directly affiliated with a credit union).
Tim Segerson, deputy director for the NCUA’s Office of Examination and Insurance, recommended credit unions look to public and industry cybersecurity models, as well as the Federal Financial Institution Examination Council’s IT Handbook and the National Institute of Science and Technology’s Cybersecurity Framework to create an effective cybersecurity risk management policy.
An archived, closed-captioned version of the webinar will be posted to the agency’s website in approximately three weeks.