LAS VEGAS (4/22/13)--Credit union service organizations expanding their fee-based services to increase revenues must recognize that such expansion also creates increased risk exposure to professional and cyberliability, a CUNA Mutual Group speaker told a National Association of Credit Union Service Organizations Annual Conference breakout session Thursday.
"The current economy has people looking for any reason to sue," said Jim Hunt, CUNA Mutual Group staff underwriting specialist. "Directors and officers of CUSOs must understand the financial and reputational impact a loss will have on their CUSO."
Professional liability could arise from neglect or an act, omission, error, breach of duty, misstatement or misleading statement made by directors, officers or employees of a CUSO. "Even a seemingly small, inadvertent error or unintentional oversight can result in costly legal action against your credit union or CUSO," Hunt said.
Likewise, as CUSOs expand e-commerce activities and become responsible for safeguarding more confidential data, so does the risk of cyberattack, data breaches and viruses. Hunt said types of cyberexposures include:
- Privacy rights violations: Unauthorized disclosure of confidential information;
- Damages to a third party's data;
- Social media errors;
- Human errors; and
- First-party losses, such as public relations and security breach expenses.
Between 2009 and 2011, the financial services industry was the No. 1 targeted business sector with 37% of records exposed and an average cost per breach of $3.7 million, according to an October 2012 NetDiligence study of 137 cyberliability and data breach events.
"Data security breaches can occur from situations that your chief information officer has absolutely no control over, such as improper disposal of data, lost or stolen electronic assets or rogue employees," Hunt said. "One data breach could wipe out your CUSO, if you're not protected."
To avoid these exposures and related losses, CUSOs should ask themselves about their fee-based services, their potential risks, and steps to take to minimize them, Hunt said. They include examining processes and arrangements with third-party vendors.
Hunt advised CUSOs to obtain professional liability and cyber liability insurance coverage as part of their overall protection strategy.