The National Credit Union Administration (NCUA) released its annual Cybersecurity and Credit Union System Resilience Report, summarizing the current cybersecurity threat landscape within the credit union market segment.
In the report, the NCUA highlighted the agency’s key cybersecurity initiatives and described the agency’s continuing efforts to enhance cybersecurity preparedness and resilience among covered institutions. The agency frequently assesses institutions’ ability to respond to cyberattacks as a standard part of its supervisory examinations.
“In the face of an ever-evolving cybersecurity threat landscape, the need for ongoing vigilance in the credit union sector cannot be overstated,” NCUA Chairman Todd Harper said in a statement. “The NCUA is committed to ensuring consistency, transparency, and accountability in its cybersecurity examination program and related activities. Further, over the last several years the NCUA has made major strides in promoting a culture of cybersecurity awareness and resilience among credit unions.”
The agency is required by the Consolidated Appropriations Act of 2021 to issue a report on cybersecurity resilience. The report provides information on:
- NCUA policies and procedures to address cybersecurity risks and activities.
- Cybersecurity resilience within the credit union system.
- Current and emerging threats.
- NCUA’s collaboration with other federal agencies, industry stakeholders, and cybersecurity experts.
“At each examination, the NCUA performs an information security review using the (Information Security Examination) ISE program,” the report states. “The ISE program uses a risk-focused, scalable approach to examine credit unions’ information security programs, which provides examiners the flexibility to focus on areas of current or potential material risk relevant to each credit union’s unique business model.”
The NCUA plans to continue requesting for Congress to create legislation to enable the agency to supervise and examine third-party service providers.
“This sensible statutory change would significantly improve supervisory oversight and bolster our ability to mitigate cybersecurity risks, ultimately enhancing the credit union system’s overall security posture and the protection of critical infrastructure in the United States more broadly,” Harper said.
The agency said it remains committed to fortifying cybersecurity resilience through targeted examinations, comprehensive risk assessments and educational outreach initiatives.