Managing Credit Union Cybersecurity at Small & Medium Size CU's

In 2017, the National Credit Union Administration developed a tool to help credit unions assess their level of credit union cybersecurity preparedness. Designed for the credit union industry, the Automated Cybersecurity Examination Tool is a great resource to help credit unions to evaluate their preparedness. However, in 2018 the NCUA is using it to review credit unions larger than $1 billion in assets and will be refining the tool to see if it will scale properly for small and medium-size credit unions. With this tool on the map for all credit unions, what should we know now?

According to NCUA's announcement, the tool will provide a process that is "repeatable, measurable and transparent" that will help to improve and standardize the "supervision related to cybersecurity in all federally insured credit unions." Use of the tool is voluntary, and the information initially gathered will serve as a benchmark for future assessments and for improvement of the tool itself. It will also provide information on areas of cybersecurity that need more focus and improvement, more supervision, or are doing well. The tool also has the ability to be refined or scaled to match the size and overall complexity of each credit union.

The new NCUA Cybersecurity tool is composed of two parts, similar to the FFIEC tool:

1. The Inherent Risk Profile and the Cybersecurity Maturity level.  The Inherent Risk Profile will help to assess a credit union’s risk exposure by evaluating the type, volume, and complexity of a credit union's operations. 
2. The Cybersecurity Maturity portion of the tool is designed to measure a credit union’s level of risk and corresponding controls. There are five levels that range from "Baseline" up through "Innovative."

Cybersecurity is an important consideration for any credit union. Managing security risk for your credit union can be simplified and enhanced not only through the tool mentioned above, but also by partnering with a technology provider that has your best interests in mind. One that has services in place to help you remain compliant and secure.