Cybersecurity Oversight: A Priority for Credit Union Boards
John Giordani, DIA
Doctor of Information Assurance -Technology Risk Manager - Information Assurance, and AI Governance Advisor - Adjunct Professor UoF
The recent letter from NCUA Chairman Todd M. Harper emphasizes the critical need for proactive cybersecurity governance across credit unions. As cybersecurity threats evolve rapidly, credit unions are urged to prioritize cybersecurity oversight as a top responsibility of their boards of directors. This directive, backed by an alarming increase in cyber incidents, underlines that effective cybersecurity is not merely a technical requirement but a governance and risk management priority for protecting our members and maintaining trust.
Chairman Harper's 24-CU-02 letter sets forth clear directives and actionable areas for board engagement in cybersecurity. Here’s my interpretation of the NCUA’s recommendations and key steps credit unions should consider to comply with the guidelines effectively.
Key Takeaways and Actionable Steps for Credit Union Boards
1. Recurring Cybersecurity Training and Awareness
2. Comprehensive Information Security Program Approval
领英推荐
3. Oversee Operational Management with Cyber Resilience in Mind
4. Comprehensive Incident Response Planning
My Perspective
The letter from Chairman Harper reminds us how important the board’s role is in protecting credit unions against this growing risk. The IT department is the traditional guardian of credit union cybersecurity, and boards need to stop seeing this as an IT issue and consider it an enterprise wide governance issue. Creating an environment where cyber resilience is an organizational priority will help credit unions protect member assets and the credit union philosophy of ‘people helping people’.
By taking these steps, the board can help ensure that the credit union has a robust cybersecurity posture that protects the credit union and its members. This helps credit unions meet regulatory requirements and maintain the trust and stability essential to our operations and our industry.
Given the ongoing developments in cybersecurity, credit unions are encouraged to take full advantage of the NCUA resources and other cybersecurity frameworks. I challenge credit unions to keep cybersecurity on the front burner this October and throughout the year to ensure credit unions are ready for new challenges where our members’ safety and security is concerned.
Senior Managing Director
2 周John Giordani, DIA Very interesting. Thank you for sharing