Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Credit unions and small FSIs under increased cybersecurity pressure

More credit unions in the US and UK have been taking steps to minimise risks

Credit unions and smaller financial services institutions (FSIs) are experiencing increased cybersecurity threats, and may be more vulnerable than larger institutions as online risks increase across the financial sector.

According to reports from SC media, the issue of cybersecurity for FSIs has become politicised in recent months, as FSI executives and Congress representatives have called for greater cybersecurity support for smaller community-based FSIs and credit unions.

A recent report showed that FSIs have seen a more than 1,300% increase in ransomware attacks alone in the first half of 2021, compared with the first six months of 2020. A number of cybersecurity experts have commented on the growing problem, and why smaller banks and credit unions are at greater risk. 

Steve Bomberger, head of SEI Sphere, a cybersecurity and IT solutions provider, told SC media that “the scale of cyberattacks has become more advanced and widespread, and the financial services industry continues to be one of the largest targets for threat actors,” adding: “Smaller banks and credit unions may not be as equipped to handle these sophisticated attacks as larger institutions.”

Tim Eades, CEO of vArmour, explained that “smaller financial targets are highly valuable, with over 5,400 credit unions in America responsible for tens of millions of individual accounts, meaning that a cyberattack on a smaller financial institution can be highly profitable for bad actors.” 

Cybersecurity has been reported as a big issue for the entire credit union industry in the US. According to the National Association of Federally-Insured Credit Unions’ 2021 Report on Credit Unions, which looks at credit cybersecurity investments, “on average, cybersecurity programs represented 7.9% of credit union operating budgets in 2021. That figure is a record-high level and a sharp increase from just four years prior, when the average respondent devoted 5.6 percent of the operating budget toward cybersecurity.”

NAFCU’s senior counsel for research and policy, Andrew Morris, told Co-operative News: “These increases signal that cybersecurity risk is both a top priority and challenge for the credit union industry. The report also reveals that 80 percent of credit unions reported that IT and cybersecurity risks would be a significant concern in the next three years. Of note, 77% also indicated that they would likely increase staffing to support cybersecurity functions over those next three years.”

Mr Morris explained that the National Credit Union Administration has worked to provide guidance and resources to assist credit unions with this threat, with their 2021 Supervisory Priorities emphasising promoting “cybersecurity hygiene in credit unions”. 

He added: “In addition, many smaller FIs, to the extent they rely on core providers, are able to benefit from the scale and sophistication of their vendors when it comes to the security of certain components of their IT infrastructure. There is also a substantial amount of information sharing taking place in the financial sector through FS-ISAC to help identify and prevent cyber threats. Government partners have also been improving their communications with FI stakeholders about threats as they emerge.”

Robert Kelly, CEO of the Association of British Credit Unions, said: “Abcul recognises the huge strides that member credit unions, and the wider credit union sector in Great Britain, have recently taken in being more readily aware of the risks associated with cyber-crime and cyber-attacks and being able to robustly protect business systems against these threats. It’s vitally important that credit unions effectively assess the risks involved and take preventative action to safeguard systems and member datasets.

“It’s obvious that the scale of cyberattacks has become more widespread and innovative across all facets of society and financial services is no different – this is not an emerging threat but one that is present, real and changing rapidly. Abcul will continue to provide support to our member credit unions in building robust defence mechanisms and utilising resources as effectively as possible with the budgets they have available”.