MADISON, Wis., and NEW YORK (10/1/10)--CUNA Mutual Group has teamed up with risk consulting company Kroll to offer credit unions and related organizations a new Cyber & Security Incident (CSI) Package. The CSI Package, now available, pairs a broad insurance policy with two levels of data breach services to protect credit unions and their members in case an internal data breach compromises sensitive member data. "The evolution of the cyber world and virtual servicing is creating an emerging set of new risk exposures for credit unions," said Chuck Cashman, director in CUNA Mutual's Credit Union Protection Product Management. Stolen laptops, employee sabotage, network hackers, lost data disks and negligent data disposal are some of the potentially catastrophic risks credit unions face, said the insurance and financial services company. "These risks are linked to security incidents or direct breaches of credit union data, unlike the highly publicized third-party data breaches at retailers or merchant processors," Cashman said. "An internal data breach can result in more than lost data. It can damage a credit union's reputation, shake members' trust and cost tens of thousands of dollars to repair," he added. According to the Identity Theft Resource Center, 42 data breaches involving financial institutions have occurred in 2010, well on the way to surpassing the 62 incidents in 2009. The 2008 CUNA Technology & Spending Report from the Credit Union National Association stated that more than 40% of credit unions experienced at least one incident of identity theft in 2008. The package has two available policies that address losses not typically covered by traditional insurance policies. The entry-level CSI Basic Policy and the more robust CSI Advantage Policy both contain liability and expense insurance components manufactured and underwritten by CUMIS Insurance Society Inc., a member of the CUNA Mutual Group. These options are available with either CSI policy:
* Security breach liability; * Website publishing liability; * Replacement/restoration of electronic data; * Extortion threats; and * Business income and extra expense.
These options are available only with the CSI Advantage Policy:
* Programming errors and omissions liability; * Public relations expertise; * Security breach expense; and * CUMIS Advantage endorsement.
Upon CSI policy acceptance, the New York-based Kroll will provide data breach services. Its online Incident Preparedness resources will help credit unions benchmark data security levels, identify weak spots and heighten breach exposure awareness. Kroll also offers the Incident Response & Recovery Service that will rapidly trigger a defensible investigation of data loss and methods to communicate required details and desired safeguards to affected members. It will work with the credit union on these best practices:
* Intentional attack investigation/pursuit and recovery of data; * Evidence collection and incident evaluation; * Identification of the impacted audience; * Incident containment guidance; * State-specific breach notification legislation expertise; * Contact information update and standardization for improved notification results; and * Public relations expertise to deliver a controlled, consistent message.
Krolls' Member ID Consultation & Restoration Services is also available to deliver consistent information to members about their credit union's data loss, along with personal access to licensed investigators for expert answers and full-service restoration for members experiencing identity theft due to the incident. The policies were designed after feedback from 75 credit unions.