Newsroom

NCUA on Monday said it plans to increase its emphasis on cybersecurity with enhancements to its examination process in place by late 2017 and encouraged credit unions to make use of the Federal Financial Institutions Examination Council's cybersecurity assessment tool.

NCUA said it will keep credit unions informed as changes to its cybersecurity examinations are incorporated. The agency started examining credit unions' cybersecurity efforts this summer.

During the NCUA Board meeting last month, the agency reiterated that the FFIEC tool remains voluntary for credit unions. The board received a special cybersecurity briefing, which explained that credit unions' cybersecurity exams will vary and might include a routine look at the cybersecurity assessment tool and a privacy and payment systems assessment. More-specialized, risk-focused cyber reviews will dive deeper into these areas using structured NCUA or FFIEC tools.

This summer, NAFCU created a new, user-friendly interactive workbook for credit unions using this tool. The workbook, a member-only resource, takes all the information from the FFIEC document and loads it into a shareable, fillable Excel spreadsheet that is self-tallying; the spreadsheet can then show the credit union's cybersecurity risk assessment and the maturity of its cybersecurity controls.

In recognition of National Cybersecurity Awareness Month, NCUA said FBI's Internet Crime Complaint Center reports receiving more than 3.5 million complaints about cyberattacks since its inception in 2000. Last year, the Center received more than 288,000 complaints, with reported losses of more than $1 billion.