NCUA issues final rule on cyber incident notification

On February 16, 2023, the NCUA issued its final rule on cyber incident notification requirements for federally insured credit unions. Compliance teams may not be feeling the pinch, but IT teams might need a hug, depending on who ultimately has responsibility for providing the notice.

The new rule, which was approved unanimously, basically “requires a federally insured credit union to notify the NCUA as soon as possible, within 72 hours, after it reasonably believes that a reportable cyber incident has occurred.”  The rule amends Part 748 of NCUA’s regulations and will become effective on September 1, 2023.

The rule adds a few new definitions, including “cyber incident” and “reportable cyber incident”:

Cyber incident is defined as “an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system or actually or imminently jeopardizes, without lawful authority, an information system.”

 
