Robby Stevens : 16 Oct 2018
Last month, we had the pleasure of sponsoring CUNA’s annual Technology and Operations & Member Experience Council Conference in San Francisco.
Tech conferences are an event I take particular amusement in – partially because I’m a proud nerd for new technology, but most definitively because of the environment CUNA has been able to cultivate: an approachable group of peers made up of familiar clients, new faces of like-minded individuals, and those select (and oftentimes hilarious) few that bounce from booth to booth seeking knick-knacks and swag for kids and grandkids.
Aside from the scheduled talks and events hosted at the conference, the part of the experience that always sticks in my mind is the conversations I have with credit union employees.
Although this fact was no different this year, the type of conversations I had very much were.
These conversations all centered around roles and responsibilities. When asked, it was repeated from nearly every IT professional, as if almost scripted: “I’m tasked to do pretty much everything IT-related.”
The sample of CUNA attendees represents most IT personnel employed at credit unions between $50M and $2B in asset size. IT managers, hired initially to administer networks, configure servers, and solve all-around communications issues, now shoulder responsibilities more suited to a Chief Information Officer, or even a Chief Information Security Officer. These folks are stretched – oftentimes running the entire operation themselves, or with only a small team supporting them.
So why is this?
The answer can be attributed to a few distinct causes.
The first is the small number of available IT professionals. By 2021, it is estimated that there will be 3.5 million unfilled cybersecurity jobs – up from 1 million openings in 2016. This is due in part to the rising popularity of targeted cybercrime and the exorbitant number of data security breaches in the last two years. Simply put, the number of qualified personnel cannot keep up with the demand in the cybersecurity economy.
The second is the cost of these individuals. Finding someone with experience in cyber defense who also has the certifications needed to fill a position of that caliber can take a large bite out of the budget – especially if your asset size is less than $250 million. The average cost of a full-time CISO in the U.S. is a staggering $218,000 (and that number grows higher as you move into major metropolitan areas).
These two factors are the true reason why we see so many IT professionals employed at credit unions stretched so thin; they wear every metaphorical hat in the department and work outrageous, stress-filled hours.
Nearly every single one of them needs one of three things:
a. More employees on their team
b. More hours in the day
c. An affluent benefactor on the scale of Great Expectations to bequeath them enough riches to retire on a private island.
But, as stated above, staffing an in-house position able to take over a major portion of the load is not easy. It can often take over a year to find someone eligible, and even then, it’s at the cost of a healthy chunk of your budget.
At Rivial, we believe the remedy for this pain lies not in pursuing a full-time IT professional, but in outsourcing a portion of your workload to a virtual CISO company. It saves your credit union the investment of hiring and training an individual (an individual in high demand who will be continually receiving competitive offers) and it frees up the time of your current staff to focus their attention on what truly matters to your business. Lastly, there won’t be a quarter-of-a-million-dollar price tag attached.
We spent most of our time at the conference pitching this idea to all the people in this same boat. We showed them how Rivial has been able to save credit unions just like theirs hundreds of hours of work and tens of thousands of dollars through outsourcing to a Virtual CISO suite. It all received a very positive reception, most notably when it came down to our cybersecurity compliance.
Everyone we talked to was ecstatic at the opportunity to wash their hands of compliance in general. Aside from the day-to-day scramble, we cited audit prep as the biggest contributor to workplace stress amongst the folks we talked to. When they heard we would handle everything, from collecting and storing evidence to actually meeting with their auditor for them, most couldn’t wait to receive more information about it.
CUNA Tech 2018, you were very good to us – and you bet we’ll be back next year!
If you’d like to hear more about how Rivial’s award-winning compliance process is changing the way credit unions approach their IT Audit, click here, or reach out to us below.