Due to the increased frequency and severity of cyberattacks on the financial services sector, the NCUA Board is proposing to require a federally insured credit union that experiences a reportable cyber incident to report the incident to the NCUA as soon as possible and no later than 72 hours after the federally insured credit union reasonably believes that it has experienced a reportable cyber incident. This notification requirement provides an early alert to the NCUA and does not require credit unions to provide a detailed incident assessment to the NCUA within the 72-hour time frame.
MEMBER BENEFIT: Click here to read NASCUS’s summary of the proposed rule.
Proposed Rule: Cyber Incident Notification Requirements for Federally Insured Credit Unions
Due to the increased frequency and severity of cyberattacks on the financial services sector, the NCUA Board is proposing to require a federally insured credit union that experiences a reportable cyber incident to report the incident to the NCUA as soon as possible and no later than 72 hours after the federally insured credit union reasonably believes that it has experienced a reportable cyber incident. This notification requirement provides an early alert to the NCUA and does not require credit unions to provide a detailed incident assessment to the NCUA within the 72-hour time frame.
Details