The new policy, NCUA announced, comes into effect on September 1, and will cover all incidents that impact information systems or the integrity, confidentiality, or availability of data on those systems.
“Beginning on September 1, 2023, all federally insured credit unions must notify the NCUA as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident,” the NCUA announced.
NCUA defines reportable incidents as those leading to network or system compromise following unauthorized access to or exposure of sensitive information or to the disruption of services or operational systems.
