Manage third-party cyber risk: 4 tips

Early detection and notification are essential to guard against cybersecurity threats.

Third-party cybersecurity threats continue to be a top concern for financial institutions everywhere.

Just last month, NCUA Chair Todd Harper spoke about the $2 trillion in assets that are exposed to risks, in part because the agency doesn’t supervise third-party vendors.

The responsibility of managing third-party risk lies with credit unions, who will soon need to comply with cyber incident reporting requirements. The NCUA final rule, which goes into effect Sept. 1, 2023, states that federally insured credit unions (FICUs) will have 72 hours to report cyber incidents to the agency.

According to the 32-page rule, “This rule does not impact existing contractual relationships. While the proposed rule asked FICUs to share how third parties provide notice to FICUs in the event of a cyber incident, there is no requirement in the proposed or final rules that FICUs amend existing contracts to comply with this rule.”

 

continue reading »