How Credit Unions Can Prepare for Cyber Risks

Zackary Loughlin | November 11, 2014 | tag: Benchmarking

Credit unions are facing increasing numbers of cyber attacks, according to a survey for NAFCU’s October Economic & CU Monitor. This survey found that nearly 84% of respondents were operationally impacted by a local data breach within the last two years. While these effects may not garner the same headlines as large breaches affecting corporations such as Target and Home Depot, they have the potential to be just as damaging for smaller financial institutions like credit unions. In addition, credit unions hold the same sensitive information as other financial institutions, including credit and personal information. Credit unions are also facing daunting regulatory requirements, which at larger banks are often handled by entire risk and compliance teams. This expanded threat landscape and these regulatory pressures have, as we have noted before, elevated cyber risk issues to the board level.

So with credit unions facing constant threats, regulatory oversight, and increased board involvement, how can they effectively address these mounting issues? In this post, BitSight provides three tips to credit unions to enable them to tackle the issue of cyber risk:

  • Implement a continuous monitoring solution. The NCUA recently stated that it would be placing more emphasis on the cybersecurity exam process. Credit unions will be expected to implement the appropriate risk mitigation controls to better prevent, detect, and recover from a cyber attack. By understanding their security posture through continuous monitoring, credit unions can better demonstrate their cybersecurity effectiveness in these exams, while also gaining perspective on historical performance trends.

  • Benchmark security performance against peer credit unions. Credit unions need to constantly evaluate key financial and operational metrics through performance benchmarking. So why not cybersecurity? By benchmarking key security metrics against peer institutions, security and risk teams can better understand industry threats and communicate performance across their organization.

  • Provide actionable cyber security KPIs to the board. National Credit Union Administration Board Chairman Debbie Matz noted in her speech at the Governmental Affairs Conference that cybersecurity is a top priority for credit unions. This means that board members need to be involved. The challenge here is that some board members may not feel adequately prepared to interpret these risks. With actionable and easily understandable metrics, such as event remediation, boards can begin to have a comprehensive perspective on their organization’s cybersecurity posture in relation to peers. Such metrics can better equip board members to make effective risk mitigation decisions.

By adopting continuous monitoring and benchmarking capabilities, credit unions can begin to fulfill regulatory requirements and better prepare themselves to answer the crucial question: Am I really secure?
