Cybersecurity and the board
The ever-increasing array of cyberthreats makes the board’s ongoing involvement in cybersecurity critical.
Although the board may delegate operational functions to management and designated committees, the responsibility for the credit union’s direction remains with the board.
These responsibilities include overseeing the development, implementation, and maintenance of the credit union’s information security/cybersecurity program. With the ever-increasing array of malicious cyber events—phishing attacks, spyware, viruses, worms, ransomware, and distributed denial of service attacks to name a few—the board’s ongoing involvement in the credit union’s cybersecurity program is more important than ever.
As the Federal Financial Institutions Examination Council (FFIEC) notes, “today’s financial institutions are critically dependent on IT [information technology] to conduct business operations. This dependence, coupled with increasing sector interconnectedness and rapidly evolving cyberthreats, reinforces the need for engagement by the board of directors and senior management.”
continue reading »