Every time we go to the grocery store, we’re reminded about the rising costs of groceries. Meat, eggs and even butter prices have all suffered at the right hand of inflation. In fact, according to the U.S. Bureau of Labor Statistics’ Consumer Price Index, eggs increased 70 percent from 2022 to 2023, while chicken increased 10.5 percent.
Each time we go to the gas station to fill up our tanks, we’re reminded about the rising costs of fuel. In January, gas prices were higher than usual for winter, with the average price hoovering near $3.50 per gallon.
You know all of this, though, because for months, we’ve all been hearing about inflation and the increase in prices at grocery stores and the pumps, but there’s another emerging crisis lurking in the shadows that is increasing in costs as well — cyberattacks.
Cyberattacks, which can include ransomware, phishing, trojans, business email compromise (BEC), etc., can cause millions of dollars in damage to financial institutions, and that’s not including the reputational costs that come with cyberattacks.
I know what you might be thinking: I’m not a big financial institution, so I don’t really need to worry about this. Nobody will target a small credit union.
But you would be incorrect because, while you may be a smaller institution, this is absolutely a concern for your credit union. In fact, there are multiple reasons why cyberattacks should be a majorconcern of financial institutions of all sizes.
The Financial Costs
There’s no question about it; cyberattacks are expensive. These monetary costs can begin to accumulate from multiple sources:
- The actual attack. Cyberattacks cost financial institutions in the United States on average nearly $9.44 million, according to a recent study by IBM, which is outlined in its 2022 Cost of a Data Breach report. Not only do these financial institutions have to pay for the costs incurred by the attacks, but they also have to account for the costs of protecting their institutions from future attacks because it’s possible these institutions could get targeted more than once. And those are just the financial costs to one institution. You also have to consider the cost to the financial infrastructure throughout the world.
Jerome Powell, chairman of the Federal Reserve, expressed this same concern about cyberattacks in early 2020 during a House Financial Services Committee meeting. During the meeting, it was noted that if bad actors attacked one major financial institution or a core processor, then that could lead to an attack on other, connected financial institutions. These connected attacks could result in the entire shutdown of a sector in the financial industry. In response to this, Chairman Powell stated that cybersecurity needs to be a top concern.
- Interruption of daily activities. If there is a cyberattack on your credit union, your daily activities will be impacted. There’s no question about it. Depending on the type of attack, instead of approving wires or serving members’ needs, you may have to notify members, employees, federal regulators and even law enforcement of the attack. You might also have to manage damage control or coordinate an investigation, which will take time and resources away from your day-to-day activities.
That’s assuming that you can conduct your normal activities. If you’re facing a ransomware attack, you may not even have access to any of your data or business information. And we all know that if you can’t conduct your normal, daily activities, your members, employees and bottom line are all going to suffer.
- Possible extensive downtime resulting from the attack. Not only are your day-to-day activities going to be interrupted, but your credit union will need time to recover. You’re going to have to investigate the attack and make sure that there is no remanence of the attack or bad actor left in your systems, all the while attempting to serve your members.
If there is a ransomware attack, your credit union won’t be able to operate at all until you’re able to access your backups — assuming you have backups that haven’t been compromised. Your downtime will uniquely be impacted by the type of attack as well as how and where your data is backed-up.
The Reputational Risk
In addition to your credit union being on the hook for financial costs, your reputation is on the line too. It is possible that your members could lose trust in your credit union if they hear that a data breach or a cyberattack occurred. They’ll be worried about their sensitive information being compromised, as well as your ability to protect the credit union from future attacks. This is especially possible if this news about the attack comes from an outside source and not from your credit union. If they find out about the attack from an outside source, they’ll also be skeptical that your credit union isn’t trustworthy or honest.
If potential members catch wind of the attack, they may be less likely to choose your credit union as their financial institution. There are plenty of options out there to meet people’s financial needs, which is why it’s important to consider the reputational costs that are incurred with a cyberattack as well as the financial costs.
The bottom line is this — cyberattacks are costly, in a variety of ways. While we consistently see and hear about the rising costs of groceries and fuel, the costs of cyberattacks may not be realized until it’s too late. Your financial institution needs to be prepared to shoulder these costs before the attack occurs because it’s no longer a matter of if an attack happens, it’s a matter of when.
John Cuneo is information security director for Vizo Financial. With over 10 years of information technology experience, Mr. Cuneo is well-versed in conducting information system risk assessments, providing security awareness training and analyzing security controls and reports.