Part 748 of NCUA's regulations specified, among other things, that credit unions must develop appropriate security programs, establish risk assessments and control measures, assist in the identification of persons who commit or attempt actions and crimes – knowingly or accidentally – that could result in data breaches and other security threats. Credit unions must also develop direct response programs that specify actions to be taken when the credit union suspects or detects that unauthorized individuals have gained access to member information systems –including appropriate reports to regulatory and law enforcement agencies.

“The demand for insider threat protection is growing, but it's often an expensive and demanding process,” Michael Goldberg, vice president of corporate marketing for Awareness, said. “But we pride ourselves on making sure these solutions are cost-effective and easy to use and implement.”

Awareness Technologies provides internal threat management solutions that provide uniform coverage for on-site, remote and traveling employees.

The survey results came just as news broke that because of AT&T data breaches, which exposed about 280,000 U.S. customers' names and full or partial Social Security numbers, the company agreed to pay a $25 million civil penalty to settle a Federal Communications Commission investigation into the consumer privacy violations.

The breaches took place at call centers used by AT&T in Mexico, Colombia and the Philippines, when employees accessed sensitive customer data without adequate authorization. Those employees took payment from third parties in exchange for customer names and Social Security numbers that could unlock stolen cell phones for sale on secondary markets, the FCC said.

At an international gathering of computer security professionals in March, all but 2% of respondents surveyed believed the law should address data breaches that expose consumers' personal information, and 16% advocate criminal charges against offending companies' CEOs or board members.