At the ninth National Credit Union Administration (NCUA) open Board meeting for 2019, the Office of Examination and Insurance and the special advisor to the Chairman for cybersecurity briefed the Board on cybersecurity challenges and opportunities.

As part of the brief, the NCUA stated it is developing a long-term plan to provide training and information to better prepare the agency and credit unions to meet the increasing threats facing credit unions and their members. The brief also showcased an increase in attack methods, such as malicious insiders and ransomware, as well as an estimated increase in IT security spending for 2019.

In addition, four current NCUA cybersecurity priorities were emphasized:

  • Advancing consistency, transparency and accountability within the cybersecurity examination program;
  • Encouraging due diligence for supply chain and third-party service provider management at credit unions;
  • Assisting institutions with resources to improve operational hygiene and resilience; and
  • Ensuring NCUA's systems and collected, controlled, unclassified information are secure.

Cybersecurity has been an NCUA supervisory priority for many years. The NCUA's Board Action Bulletin directs readers to the 2019 Supervisory Priorities letter, 19-CU-01. In this letter, the NCUA states it will continue to conduct information security maturity assessments with the Automated Cybersecurity Examination Toolbox (ACET). As part of the brief, the NCUA also projected a plan to implement the ACET in credit unions with an asset size of $100 million to $250 million in 2020 and the remaining credit unions in 2021, before reaching what they call a "decision point."  

For additional information, visit: