The NCUA will build an extensive cybersecurity assessment into its examinations by late 2017, Tim Segerson, the agency's deputy director of the Office of Examination and Insurance, told the NCUA board Thursday.

The assessment will be based on a tool developed by the interagency Federal Financial Institutions Examination Council—a process that already exists and which credit unions can use on a voluntary basis.

"The long-term goal is to perform periodic reviews using a structured cybersecurity assessment tool in all credit unions," Segerson said.

Segerson said credit unions and the NCUA must adapt to a fluid environment.

Online financial service platforms are evolving and credit unions either must adopt an online presence or be prepared to compete with them, Segerson said. As credit unions increase that online presence, their cybersecurity risks increase. Many large financial institutions have adopted enhanced security systems; that leads to cybercriminals moving on to smaller institutions.

"We're going to see rising risk for our institutions and the institutions we insure," Segerson told the board.

Currently, a typical cybersecurity assessment conducted by an NCUA examiner may focus on privacy and payment issues.

That will change, Segerson said, adding that such issues as the size of a credit union and its inherent cybersecurity risk will help to determine how extensive a review will be.

"The NCUA is still developing the tool and implementation will take time," Segerson said. "And as the agency develops the examination protocol it will brief the credit union industry on the new examination process." He emphasized that he wants the effort to be collaborative.

He said testing of the review process will take until mid-2017. The agency will then review the process and will implement it late in the third quarter or early in the fourth quarter of 2017.

In preparation, credit unions' boards and officers should acknowledge that cybersecurity is a serious issue, identify their risks and implement a cybersecurity program. Credit unions also should assess the cybersecurity programs used by any third-party servicers they use.

 

 
