The Cyber Threats Your Credit Union’s IT Team Can’t Stop Alone

Credit union cybersecurity is often viewed as an exclusively IT issue, but the best defense involves every employee within the organization. How prepared is your credit union?

  • 73% of companies are not adequately prepared to face a cyberattack.1
  • 65% of C-suite executives believe their cybersecurity strategy is well-positioned.2
  • But just 17% of these strategies are considered at the highest level.2

3 Main Threats to Data

Protecting sensitive data requires ensuring its confidentiality, integrity, and availability.

1. Confidentiality

  • 69% of organizations have experienced phishing and social engineering attacks.
  • 43% have had mobile devices stolen.3

2. Integrity

  • 98% of businesses suffered malware attacks.
  • 58% have identified malicious code in their systems.3

3. Availability

  • 27% of companies were victims of Ransomware.
  • 53% experienced distributed denial-of-service (DDos) attacks.3

Threats Can Come From Inside as well as Outside the Organization

  • 28% of attacks involve internal actors.4
  • 33% of employees have not received any form of cybersecurity training.5
  • 59% of organizations report having had a data breach caused by a vendor.6
  • $8.76 million - Average cost of cybersecurity incidents caused by company insiders.7

New Vulnerabilities Are on the Rise


Cryptomining malware was reported as the top cyber threat in 2018.8

Internet of Things (IoT)

  • Just 28% organizations across all industries label their IoT cybersecurity strategy very important.
  • Only 49% have IoT patching policies.
  • Only 47% regularly analyze the risk posed by third-party use of IoT devices.9


The EU’s General Data Protection Regulation (GDPR) is dense, vague, and lacking specific guidance on how to comply. Fines can reach nearly $23 million, or 4% of worldwide annual revenue.10

The California Consumer Privacy Act (CCPA) requires larger businesses inside or outside California to protect the private data of California citizens or face civil penalties of up to $7,500 per violation.11

Note: Determining exactly when and how recent or future regulations such as GDPR or CCPA apply may be difficult until enforcement actions are issued and litigated. Consult your attorney to determine how and when specific regulations may apply to your organization.

Interested in learning how to protect your credit union’s data from these and other threats?

Sign up for our educational email series on cybersecurity insights. We’ll send you information to help your credit union combat threats and empower every employee to defend the confidentiality, integrity, and availability of member data.

1Hiscox Cyber Readiness Report 2018, Hiscox, 2018. Web. 20 December 2018. 2Securing the C-Suite: Cybersecurity Perspectives from the Boardroom and C-suite, IBM. Web. 20 December 2018. 32017 Cost of Cyber Crime Study, Ponemon Institute, 2017. Web. 20 December 2018. 42018 Data Breach Investigations Report, Verizon, 2018. Web. 20 December 2018. 5ESET Survey Reveals Nearly One in Three Americans Receives No Cybersecurity Training in the Workplace, ESET, 1 May 2017. Web. 20 December 2018. 6Opus & Ponemon Institute Announce Results of 2018 Third-Party Data Risk Study, BusinessWire, 15 November 2018. Web. 20 December 2018. 72018 Cost of Insider Threats: Global Organizations, Ponemon Institute, 2018. Web. 20 December 2018. 8April’s Most Wanted Malware: Cryptomining Malware Targeting Unpatched Server Vulnerabilities, Check Point, 5 May 2018. Web. 20 December 2018. 9IoT Cybersecurity Readiness Report, Trustwave, 2018. Web. 20 December 2018. 10 REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Official Journal of the European Union, 27 April 2016. 11California Legislative Information, Assembly Bill No. 375, Chapter 55, 28 June 2018.
This resource was created by the CUNA Mutual Group based on our experience in the credit union and insurance market. It is intended to be used only as a guide, not as legal advice. No coverage is provided by this presentation/publication, nor does it replace any provisions of any insurance policy or bond. CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group. Some coverages may not be available in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., our insurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers’ needs. CUMIS Specialty Insurance Company, our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Cyber policies are underwritten by Beazley Insurance Group or other nonaffiliated admitted carriers.