Breaches of security in Savings and credit cooperative societies (SACCOs) continue to take an upward trend as reports indicate that these organizations continue to position themselves to fully adopt Information and communication technologies to assist in performing back-end operations more effectively. As report further indicate, these SACCOs still lack behind their counterparts in mainstream banking sector as far as investments towards mitigation of security risks are concerned. The SACCO industry therefore is exposed to security threats. In order to reduce these exposures to security threats in SACCOs, there needs to be mechanisms through which these organizations can assess their posture as regards to how exposed they are and what actions they need to apply. This research offers a solution by developing a model for computing the security risk exposure index (SREI). A descriptive research design was used in this study where the target population was 50 respondents. Structured questionnaires were used in the study to collect quantitative primary data which the researcher analyzed using both descriptive and inferential statistics. Descriptive statistics, on one hand, used frequencies and percentages while inferential statistics, on the other hand, was used to analyze the correlation between the independent variables and the dependent variable (SREI). The study established six out of eleven ISO 27001 cardinal control factors were most critical to SACCOs. The study established a negative correlation between each of the six factors and the dependent variable. Therefore, this study recommends the use of the Security risk exposure index (SREI) model to indicate exposure in SACCOs and recommend appropriate actions to achieve security risk maturity.