
Manage Tomorrow's Surprises Today

Steven Minsky

Cybersecurity a "Must" for Credit Unions


Credit union online news agency CUInsight.com recently published an article declaring cybersecurity a "must" for credit unions. In support of its position, author Stuart Levine cites more than 400 incidents - recorded by the Identity Theft Resource Center in 2015 - putting at least 80 million records at risk and tallying costs in excess of $100 million for the targeted organization.

What's the best way for credit unions to tackle cybersecurity risk management? The author suggests credit unions start with a robust Enterprise Risk Management effort.

Total data protection, however, is an impossible objective. Management, therefore, must identify those risks to avoid, accept, mitigate or lay-off... By design, this approach heightens the urgency to address cyber-risk, creating a mindset of data protection that infuses the organizational culture.

Attaining assurance that your credit union has reached a satisfactory level of control over cyber risks requires that your IT security program integrate traditional governance functions like vendor and asset management with its Enterprise Risk Management program. When risk is identified as the common baseline measure of resource allocation for cybersecurity defenses, an otherwise overwhelming concern is broken down into manageable, actionable initiatives that address the weakest areas of the control environment.

Involving a large percentage of your employee base in the risk assessment process not only creates the "risk culture" portrayed by Levine, but also assists in the identification of systemic concerns inherent to IT security programs. Many credit unions can't identify a single point of failure at which to apply resources. Upon evaluating a variety of assessments across multiple functions, the majority uncover systemic concerns that must be addressed with more broadly focused mitigation strategies.

Programs reaching out to the managerial level of the business also provide assurance that, in the event of a breach, the business is covered from any claims that its leadership was negligent in its effort to reduce material risk. With boards now held accountable for all risk (at whatever level it might materialize), they can be held responsible for creating an environment that results in a cybersecurity failure, even if they had little to do with the failure itself.

How can Enterprise Risk Management efficiently generate returns for credit unions? Download our ROI on ERM and ERM Software for ideas on generating your business case and testing the maturity of your cyber risk program.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
