CUNA supports NCUA efforts to minimize the impact of cyberattacks on members and the credit union system through early alerts and information sharing, it wrote to the agency Monday. CUNA’s comments are in response to NCUA’s proposed rule that would require federally insured credit unions to notify NCUA of “reportable cyber incidents” within 72 hours of establishing “reasonable belief” that one has occurred.
“We are largely supportive of this proposal and appreciate the NCUA’s tailored focus on cyber incidents that interfere with the operations of a credit union and their member service,” the letter reads. “The final rule should provide clear and specific instructions to credit unions stating exactly what information should be reported. Also, the rule should limit duplicative reporting requirements and reduce the reporting burden for credit unions.”
CUNA also notes:
CUNA also requests NCUA provide additional guidance on how agency examiners will assess reported incidents during annual examinations.