Though cybersecurity concerns seem endless the cost of credit unions protecting themselves from incidents such as data breaches and fraud far outweighs the professional and financial risks of not protecting themselves.
When it comes the valuation of cyberattacks many security experts draw from the "2017 Cost of Data Breach Study," sponsored by IBM Security and conducted by Ponemon Institute, which estimated the average total cost of a data breach at $3.62 million and the average cost for each affected record at $225. Heavily regulated industries such as financial services ($336) had a higher per record cost than the overall mean.
For credit unions the biggest cost associated with breaches comes from the cost per record, Stephen Gilmour, manager, technical product management at Symitar, a division of the Monett, Mo.-based Jack Henry & Associates, noted. "Remember that a credit union doesn't usually have just one type of record per member, but often multiple records for each member (such as credit cards, SSNs, driver license, other PII data)."
Recommended For You
Samantha Amburgey, CIO of the $3.8 billion Lansing, Mich.-based Michigan State University Federal Credit Union, a Symitar core client, said, "Costs will vary with the size of the threat, attack, or incident." She mentioned other factors such as wages for internal resources in Information technology, internal audit, and risk management, internal and external communications, and member support areas.
Amburgey said, "At MSUFCU, we estimate that our information security program pays for itself by preventing many security incidents per year."
For smaller credit unions, cybersecurity costs may present a quandary especially when compared against a potential remediation bill. Gene Fredriksen, chief security strategist St. Petersburg, Fla.-based PSCU said. Fredriksen observed while there are a number of costs resulting from a breach the price tag jumps considerably when factoring in legal and the research costs. "If you hire a forensic firm of any size to do an analysis you are easily into the six-figure range without blinking an eye. Probably on the legal costs, you are into that same amount."
Dave Stafford, PSCU's chief information officer, mentioned some immeasurable financial and reputational losses. "You lose member trust, you lose potential future customer acquisition. You have the possibility of the credit union's card slipping to second place [in a mobile wallet]. It is very difficult to measure those intangibles."
Credit union costs for lack of protection surpasses the price of putting the right policies, procedures and tools in place. "A credit union will eventually have to implement security. Delaying the costs of implementation only increases them, as security then has to be retrofitted," Paul Love, chief information security officer of Rancho Cucamonga, Calif.-based CO-OP Financial, advised.
Read the full article in the Nov. 15 edition of CUTimes.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
