During 2005, a third of credit unions said they had to dedicate more than 100 hours of staff time to handling data security breaches, according to results release by NAFCU.
Twenty-five percent of the respondents indicated they had dedicated 51 to 100 hours of staff time to the task, while 17% said they had dedicated between one and 50 hours of staff time to security breaches. Twenty-five percent said they did not have to allocate any time to the problem.
NAFCU said that it found that while only 5% answered that they needed to hire additional staff to deal with security breaches last year, an additional 10% said they are planning to do so in 2006.
Among the other findings from NAFCU's Flash Report:
* Forty-six percent of the credit unions indicated that they have completed a risk-assessment of their Internet-based financial products and services, while 27% said they are in the process of completing a risk assessment and will finish it by the end of 2006. The remaining 27% said they are planning to begin a risk assessment in the near future and plan to have it completed by the end of this year.
* 45% indicated that they hired a third party to perform the risk assessment. Of those that hired a third party, slightly more than half spent $10,000 or more on the risk assessment.
NAFCU reported that 74% of the responding CUs are planning to implement additional security measures based on the results of their risk assessment.
Of those, half of the CUs are using layered security measures on their web-based products and services, while 31% are using shared secrets. Other measures include tokens (14%), one-time passwords (8%), and biometrics (6%).
Credit unions are educating their members about data security issues, NAFCU found. Eighty-three percent said they have materials on their website.
Additionally, 39% responded that they hold member seminars, 26% inancial counseling, and 18% statement stuffers. have it completed by the end of this year.
