How Credit Unions Can Prepare for Cyber Risks

Credit unions are facing increasing numbers of cyber attacks according to a survey for NAFCU’s October Economic & CU Monitor. This survey found that nearly 84% of respondents were operationally impacted by a local data breach within the last two years. While these effects may not garner the same headlines as large breaches affecting corporations such as Target and Home Depot, they have the opportunity be just as damaging for smaller financial institutions like credit unions. In addition, credit unions have the same sensitive information as other financial institutions, including credit and personal information. Credit unions are also facing daunting regulatory requirements, which at larger banks are often handled by entire risk and compliance teams. This increased threat landscape and regulatory pressures has, as we have noted before, elevated cyber risk issues to the board level.

So with credit unions facing constant threats, regulatory oversight, and increased board involvement, how can they effectively address these mounting issues? In this post, BitSight provides three tips to credit unions to enable them to tackle the issue of cyber risk:

  • Implement a continuous monitoring solution. The NCUA recently stated that it would be placing more emphasis on the cybersecurity exam process. Credit unions will be expected to implement the appropriate risk mitigation controls to better prevent, detect, and recover from a cyber attack. By understanding security posture with continuous monitoring credit unions can better demonstrate their cybersecurity effectiveness in these exams, while also having perspective on historical performance trends over time.

security ratings snapshot example

Request your free Security Rating Snapshot to find the gaps in your security program and how you compare to others in your industry.

Get Your Rating
Button Arrow
  • Benchmark security performance against peer credit unions. Credit unions need to constantly evaluate key financial and operational metrics through performance benchmarking. So why not cybersecurity? By benchmarking key security metrics against peer institutions, security and risk teams can better understand industry threats and communicate performance across their organization.

  • Provide actionable cyber security KPI’s to the board. National Credit Union Administration Board Chairman, Debbie Matz, noted in her speech at the Governmental Affairs Conference that cybersecurity is a top priority for credit unions. This means that Board members need to be involved. The challenge here is some board members may not feel adequately prepared to interpret these risks. With actionable and easily understandable metrics, such as event remediation, boards can begin to have a comprehensive perspective on their organization’s cybersecurity posture in relation to peers. Such metrics can better inform board members to make effective risk mitigation decisions.

  • By adopting some continuous monitoring and benchmarking capabilities, credit unions can begin to fulfill regulatory requirements and better prepare them to answer the crucial question: Am I really secure?