NCUA Approves Reportable Cyber Incidents
Reportable Cyber Incidents – The NCUA approved a final rule, effective September 1, that requires federally insured credit unions to notify the NCUA as soon as possible, within 72 hours, after it reasonably believes that a reportable cyber incident has occurred. Under the final rule, federally insured credit unions are required to report a cyber incident that leads to a substantial loss of confidentiality, integrity, or availability of a network or member information system as a result of the exposure of sensitive data, disruption of vital member services, or that has a serious impact on the safety and resiliency of operational systems and processes. Additionally, cyberattacks that disrupt a credit union’s business operations, vital member services, or a member information system must be reported to the NCUA within 72 hours of a credit union’s reasonable belief that it has experienced a cyberattack.
|