Data breaches have overtaken the theft of physical assets as the No. 1 fraud type, with most data theft occurring in the financial services industry, according to Ken Otsuka, senior risk consultant for CUNA Mutual Group.
To avoid crippling financial damage and loss of member trust, credit unions must implement measures to prevent data breaches and have a solid mitigation plan if one occurs.
Otsuka, addressing CUNA Mutual’s Online Discovery Conference Tuesday, cited the 2010 Annual Global Fraud Report by the risk management consulting firm, Kroll.
The study indicated the information-rich financial services industry led the way in data theft incidents at 42% in 2010, up from 24% in 2009.
“Data breaches have quickly become a top concern,” Otsuka said. “They are increasing in frequency and severity in terms of number of records breached and recovery costs.”
Breaches can involve electronic data or paper and occur in many ways, including:
A data breach can be devastating for a credit union, Otsuka said. A 2010 Ponemon Institute study stated the average cost to repair a compromised record was $214. For financial institutions, that cost was $353.
Data breaches cost more than money. “A breach could shake members’ confidence in the credit union’s ability to protect their personal information, which could have a devastating effect on the credit union’s reputation,” Otsuka said.
Compliance and legal risks also loom. “The Gramm-Leach-Bliley Act requires credit unions to protect and secure members’ personal information,” he said. “Penalties for noncompliance, whether at the state or federal level, can be severe. In addition, numerous well-publicized lawsuits have been brought by consumers against organizations that experienced data breaches.”
Otsuka urged attendees to implement proper technology, policies, and procedures to protect confidential member data. He offered these tips:
Otsuka advised having an insurance backstop, such as of CUNA Mutual Group’s Cyber & Security Incident Package, which provides coverage for credit unions in the event of a data breach.