ALEXANDRIA, Va. (8/20/14)--With National Credit Union Administration examiners trying to identify and assess cybersecurity risks, the agency has released a list of cybersecurity areas examiners look at. The information is featured in this month's The NCUA Report.
The assessment includes the following questions:
The article also recommends credit union management consider the possibility of cybersecurity insurance, which should cover costs associated with business interruptions, legal fees, public relations initiatives and hiring of additional staff or vendors.
A recent Ponemon Institute study cited by the agency estimates the average cost of a data breach is $3.5 million, which includes costs for investigations, notifications to members and reissuing credit and debit cards.
The NCUA Report also featured monthly commentary from Chair Debbie Matz. Her column listed several aspects of the agency's risk-based capital proposal that would likely be changed in response to feedback received through comment letters and the three Listening Sessions held during the summer.
She acknowledged that all risk weights in the proposal should be reviewed, and that the agency is considering lowering risk weights for investments, mortgages, member business loans, credit union service organizations and corporate credit unions.
"Examiners would have to undergo a rigorous process to convince their supervisory examiner, regional director and ultimately the NCUA board, if they believe a credit union needs to hold more capital than required by regulation," she wrote.
She also said the rule's implementation period will go "well beyond" the originally proposed 18 months, and that it would be enough time to give the NCUA time to update the call report system, train examiners on the revised rule and allow affected credit unions time to adjust their balance sheets.
This month's NCUA Report also contains:
Use the resource link below to access the full issue.