NCUA Trains Cybersecurity Specialists: Onsite Coverage

ARLINGTON, Va.Rather than hire new examiners, the NCUA is training existing staffers to check cybersecurity risk.

By Nicholas Ballasy | November 17, 2014 at 01:18 AM

ARLINGTON, Va.—Tim Segerson, deputy director at the NCUA's Office of Examination and Insurance, said the NCUA is gradually increasing the number of examiners specializing in cybersecurity, while shifting some generalists to specialists.

Addressing the NASCUS/CUNA Credit Union Cyber Security Symposium on Friday, Segerson said the agency is taking a risk-based approach to cybersecurity examinations rather than adding a large number of specialized examiners.

He told CU Times that asset size would not be the only factor the agency takes into consideration to determine an institution's risk.

"Obviously a small institution that could implode from an attack is less impactful to us from an insurers perspective than a very large one, but when we are looking at two credit unions in the $100 million range and one is very straight forward and simple and (the other) one has every service and connection under the sun, they're going to have two distinct risk profiles. So that's where we would sit there and say, 'you know what, this is one we're going to have to focus our energy on,'" Segerson said.

He added that the agency would send a specialized examiner into more complex institutions.

"We've started to shift toward specialists in specific areas for our staffing model at NCUA," he said.

Segerson said almost all credit unions are connected to cybersecurity risks in some way.

"When you're talking about cybersecurity, it's almost 100%. There may be a few credit unions that are so basic they don't have substantive cybersecurity risk," he said. "Our goal is to add more specialists. We'll always take a risk-based approach, otherwise we would have to add 100, maybe 200 more examiners, and I don't think we can handle that."

A credit union IT specialist commented from the audience that the NCUA is doing credit unions a disservice by trying to train examiners with an accounting background in IT.

In response, Segerson reiterated that the goal is to shift some of the generalists to specialists and hire additional specialists at the same time.

An IT examiner in attendance said it is important to police other examiners for technology competence.

TrustCC CEO Tom Schauer specifically warned any credit union merging with another institution to be aware of its security risks in advance.

NOT FOR REPRINT

1 Tennessee’s Y-12 Federal Credit Union Welcomes New CEO Dustin Millaway

2 Credit Union Loan Originations Recover: A Strong 'Rebound'

3 Cornerstone Financial Credit Union Introduces Buy Now, Pay Later Service

4 Credit Unions Push Back Against Proposed California Privacy Regulations

5 Credit Union of Texas Launches Spanish-Language Brand Todos Unidos

Insurance
Complex Claims & Litigation Forum 2025
February 24, 2025 - Las Vegas

This conference aims to help insurers and litigators better manage complex claims and litigation.
More Information
GlobeSt. Multifamily Spring 2025
April 01, 2025 - New York

Join the industry's top owners, investors, developers, brokers & financiers at THE MULTIFAMILY EVENT OF THE YEAR!
More Information
GlobeSt. Net Lease Spring 2025
April 01, 2025 - New York

This conference brings together the industry's most influential & knowledgeable real estate executives from the net lease sector.
More Information