Government Regulations, Governance, Risk and Compliance

New cyberattack reporting rules for federally insured credit unions unveiled

SecurityWeek reports that all federally insured credit unions are being compelled to notify cybersecurity incidents within three days of discovery under the National Credit Union Administration's updated cyber reporting rules, which will be effective on Sept. 1. Incidents that should be reported within a 72-hour period include those that involve network or system breaches stemming from unauthorized data access, information system tampering, and wrongful exposure of sensitive information, according to the NCUA. Federal credit unions should also report distributed denial-of-service attacks and other intrusions that could result in business interruptions, as well as member account access disruptions stemming from prolonged system malfunction and third-party data breaches within the same period. However, no notifications are needed for averted phishing attacks and other failed cyberattack attempts. "By following these guidelines and implementing the cyber incident notification requirements, your credit union can enhance its overall cybersecurity posture and improve incident response capabilities," the NCUA said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.