ARLINGTON, Va.—NCUA’ s examination “burden” and a look at the increased number of CIOs within the credit union community are both featured in a new report from NAFCU.
The trade association’s latest Economic & CU Monitor included credit union feedback on cybersecurity exams and proposed legislation addressing ransomware attacks.
According to NAFCU’s analysis of the responses, given NCUA’s continued prioritization of cybersecurity as a supervisory concern, “it is not surprising that the portion of exams and the document requests related to this topic have each grown in recent years.”
While 43% of respondents view NCUA’s InTREX-CU exam as “more burdensome overall” relative to previous cyber exams, 29% considered it “less burdensome.” When asked how they benchmarked cybersecurity capabilities and gaps when not using the NCUA’s Automated Cybersecurity Examination Toolbox (ACET), credit unions offered alternatives including IT audits, NIST Cybersecurity Framework, PCI standards, as well as a few other options. Based on a comparison of ACET scores reported in 2019, the results suggested that “the overall level of cybersecurity maturity is improving as measured by the highest maturity level sustained across all five domains in the assessment,” NAFCU said.
Worthy of Note
Of note, respondents shared their take on cybersecurity legislation aimed at improving cyber incident reporting across economic sectors, to which the group shared a general desire (93%) for consistency with NCUA regulations, NAFCU said.
Meanwhile, the survey also found the share of respondents with a dedicated chief information officer grew from 35% in 2019 to 56% in 2021.