Credit unions and small FSIs under increased cybersecurity pressure

More credit unions in the US and UK have been taking steps to minimise risks

Credit unions and smaller financial services institutions (FSIs) are experiencing increased cybersecurity threats, and may be more vulnerable than larger institutions as online risks increase across the financial sector.

According to reports from SC media, the issue of cybersecurity for FSIs has become politicised in recent months, as FSI executives and Congress representatives have called for greater cybersecurity support for smaller community-based FSIs and credit unions.

A recent report showed that FSIs have seen a more than 1,300% increase in ransomware attacks alone in the first half of 2021, compared with the first six months of 2020. A number of cybersecurity experts have commented on the growing problem, and why smaller banks and credit unions are at greater risk. 

Steve Bomberger, head of SEI Sphere, a cybersecurity and IT solutions provider, told SC media that “the scale of cyberattacks has become more advanced and widespread, and the financial services industry continues to be one of the largest targets for threat actors,” adding: “Smaller banks and credit unions may not be as equipped to handle these sophisticated attacks as larger institutions.”

Tim Eades, CEO of vArmour, explained that “smaller financial targets are highly valuable, with over 5,400 credit unions in America responsible for tens of millions of individual accounts, meaning that a cyberattack on a smaller financial institution can be highly profitable for bad actors.” 

Cybersecurity has been reported as a big issue for the entire credit union industry in the US. According to the National Association of Federally-Insured Credit Unions’ 2021 Report on Credit Unions, which looks at credit cybersecurity investments, “on average, cybersecurity programs represented 7.9% of credit union operating budgets in 2021. That figure is a record-high level and a sharp increase from just four years prior, when the average respondent devoted 5.6 percent of the operating budget toward cybersecurity.”

NAFCU’s senior counsel for research and policy, Andrew Morris, told Co-operative News: “These increases signal that cybersecurity risk is both a top priority and challenge for the credit union industry. The report also reveals that 80 percent of credit unions reported that IT and cybersecurity risks would be a significant concern in the next three years. Of note, 77% also indicated that they would likely increase staffing to support cybersecurity functions over those next three years.”

Mr Morris explained that the National Credit Union Administration has worked to provide guidance and resources to assist credit unions with this threat, with their 2021 Supervisory Priorities emphasising promoting “cybersecurity hygiene in credit unions”. 

He added: “In addition, many smaller FIs, to the extent they rely on core providers, are able to benefit from the scale and sophistication of their vendors when it comes to the security of certain components of their IT infrastructure. There is also a substantial amount of information sharing taking place in the financial sector through FS-ISAC to help identify and prevent cyber threats. Government partners have also been improving their communications with FI stakeholders about threats as they emerge.”

Robert Kelly, CEO of the Association of British Credit Unions, said: “Abcul recognises the huge strides that member credit unions, and the wider credit union sector in Great Britain, have recently taken in being more readily aware of the risks associated with cyber-crime and cyber-attacks and being able to robustly protect business systems against these threats. It’s vitally important that credit unions effectively assess the risks involved and take preventative action to safeguard systems and member datasets.

“It’s obvious that the scale of cyberattacks has become more widespread and innovative across all facets of society and financial services is no different – this is not an emerging threat but one that is present, real and changing rapidly. Abcul will continue to provide support to our member credit unions in building robust defence mechanisms and utilising resources as effectively as possible with the budgets they have available”.