Go to:

July 2018
< Jun Aug >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

No Need for Accounting—The Cybersecurity Innovators’ New Business Model
Wednesday, October 21, 2015 6:25 AM

Cyber Security Model

By Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources, Inc.

With the recent attention to cyber security, most of my conversations with credit unions and presentations have been focused on justifying the need for cybersecurity expenditures. Many small- to medium-sized credit unions have approached information technology and cybersecurity threats with a standard return on investment model.

Although the dependency on information technology and risk exposure to cyberthreats continue to increase, the staffs’ information technology knowledge base and/or budget have not. A simple update to the strategic planning and approach to the current business model may be needed.

Approximately 15 years ago, I took a position overseeing the information technology department for a small business with an international presence. Much like credit unions, the small business operated on an extremely fixed budget. One of the first items I recognized that needed remediation was the lack of a firewall. After presenting my cost benefit analysis as requested, the project was denied. Within two months, the lack of a firewall resulted in the network, along with all of its business functions, coming to an abrupt halt for approximately three days.

Soon after I recovered from sleep deprivation, I was informed the firewall was approved. Moreover, information technology had become a line item in the budget, and part included in the strategic planning sessions.

Here’s another example: A cyber security professional develops a technology that will revolutionize how credit unions can protect themselves. This professional is incredibly excited, starts selling the tool, and traveling the country successfully deploying it. An investor comes along and asks to see his “numbers.” 

The cybersecurity professional replies, “Numbers? I’m not good at all of that credit/debit stuff. Accounting was my worst subject in college, so I don’t bother with it. Plus, an accountant and the software they will need are expensive and a sunk cost. I know I am doing well because I have money in my account.”

Although there is an obvious need for accounting, the owner of this small business doesn’t see the need. An adjustment to how the company conducts business needs to be made.

Ultimately, if you’re operating in a status-quo business model, you may want to reconsider what “status quo” means in your next strategic planning session. Include the evolution of dependency on information technology, the evolution of cybersecurity threats, and the regulatory requirements in the pipeline.

This article was posted on the Credit Union Resources blog on Sept. 28, 2015, by Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources, Inc. If you have questions, please contact Idrees at

Credit Union Resources is a wholly owned subsidiary of Cornerstone Credit Union League. Whether you're looking for an effective advertising campaign, sales materials, new lending products, technology solutions, auditing services, a hands-on compliance partner, strategic planning assistance, a shared-branching presence, or staffing and operational support, Credit Union Resources has was you need at a price you can afford. Your business, our focus, expert solutions. For more information, please visit