Financial institutions, including CUs, at elevated risk of cyberattacks

Businessman Looking At Laptop With Ramsomware Word On The Screen

All businesses are vulnerable to cyberattacks, but statistics indicate that financial institutions are drastically more likely than other companies to be the target of malicious attacks designed to shut down their infrastructure and ransomware threats that could potentially cost millions of dollars.

Financial institutions are 300 times more likely than other companies to be targeted by cyberattacks, according to a 2019 report by Boston Consulting Group. “Yet despite the growing need to strengthen information security and cyber resilience . . . many financial institutions are ill equipped to respond effectively,” the report stated. “Building awareness of cyber risks, providing ongoing training, and creating an effective response plan before an attack happens are all crucial aspects of cyber resilience.”

Indeed, there remains challenges for certain financial institutions, particularly smaller-assset-sized credit unions, to beef up their cybersecurity protections. Additionally, cybersecurity risks “are worsened by the increasing diversity of perpetrators — including state and non-state actors, cyber terrorists, and ‘hacktivists,’” according to the Brookings Institution.

While credit unions are already required to implement extensive cybersecurity regulations and requirements, both the FFIEC and the NCUA have previously developed cybersecurity assessment tools, which are voluntary measures credit unions and other financial institutions can use to assess their cybersecurity risk. The framework helps institutions to both assess the vulnerability of their institution to cyberattacks and ensure that appropriate steps are taken to militate against risks.

Given the severity and pervasiveness of the issue, the New York Credit Union Association is hosting a Cybersecurity Workshop at Association headquarters in Albany. “Your Credit Union is Under Attack, Now What?” will be held from 10 a.m. to 4 p.m. on March 26.

During the event, credit union personnel can learn how to take further proactive action to guard against cyberattacks, as well as how to respond to cyber-incidents when they do occur. Attendees will hear from legal, compliance and operational experts who will convene on a panel to discuss the lessons learned and additional steps credit unions can take to better guard against increasingly common attacks.

Participants will learn information about:

  • designing a cybersecurity plan that reflects the specific needs of credit unions;
  • putting a plan into operation;
  • scenarios to test the ability of credit union teams to respond to cyberattacks;
  • legal considerations to keep in mind once a cyber-incident has occurred; and
  • how to best communicate with members about cyberattacks.

Visit the Association’s website for more information or to register for the event.


Leave a Reply