Cybersecurity is increasingly critical for companies, yet there's often a disconnect between spending and actual risk.
Cybersecurity is a critical strategic topic today, as so many companies have been negatively impacted by breaches, leading technology firms to invest millions each year to guard against them. Mortgage Cadence, an Accenture company has spent more than two million dollars over the past year to successfully protect our platform and the lenders who use it.
Even that is not enough to protect companies that don’t adequately prepare their employees to spot unauthorized users attempting to gain access to their systems. Human engineering makes every company vulnerable to these attacks.
You might expect to see lenders of all sizes investing in Information Security. While that is true, we see a clear disconnect between the amount spent on risk mitigation and the size of the actual risk.
Executives in our industry measure and mitigate risks every single day. They understand credit risk, interest rate risk, and a host of other potential problems that could negatively impact their businesses. But contrasting the investment in mitigating familiar credit risks and the investment in cybersecurity unveils that many see investment in cybersecurity as a necessary evil and don’t fully understand the value of their efforts.
Perhaps this is because cybersecurity is a relatively new risk for our industry, but it’s one that will be with us for the foreseeable future. It should be measured and mitigated just like all the other risks our industry faces on a daily basis.
We know that’s not happening yet by looking at the budgets many smaller institutions are setting aside for Information Security.
When a financial institution experiences a data breach, it sets off a number of expensive actions the bank or credit union must take and ultimately ends with a regulator’s fine. Our best data currently puts that fine at over $9 million for the average bank or credit union.
Data currently available about the credit union industry tells us what percentage of revenue they are allocating for InfoSec and for the average credit union in the U.S. it amounts to about $24,500, or half of one full-time employee.
That’s a potential problem.
It is very difficult for an executive in the IT department of one of these institutions to go to management and request a budget for a risk that few consider imminent. In the mortgage industry where finances are very tight, it’s difficult for management to see an immediate value. It’s just a necessary evil that must be kept at the lowest possible cost.
Successful institutions won’t see InfoSec this way in the future. They’ll see it as a continuing investment in protecting their people, their systems, and their customers. By creating a culture that sees security as a value add, they’ll find better buy-in and a stronger security approach.
Working closely with their technology partners, they can keep this cost low, but this is a real risk to their business that must be mitigated. Getting this job right will mean that the next time a bank or credit union makes the news because of a data breach, it won’t be their institution on the front page or their $9 million going to pay a regulator’s fine.
To find out more about the way we think about InfoSecurity and how Mortgage Cadence is actively protecting your institution, reach out to us today.
Follow us on LinkedIn to be notified when our next article is released.
Mortgage Cadence:
Alison Flaig
Head of Marketing
(919) 906-9738