NCUA Letter to Credit Unions (23-CU-07): Cyber Incident Notification Requirements
Beginning on September 1, 2023, all federally insured credit unions must notify the NCUA as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.
This letter summarizes the amendments to part 748, known as the Cyber Incident Notification Requirements rule. It also provides instructions on what and how to report to the NCUA, and includes examples of both reportable (see Appendix A) and non-reportable (see Appendix B) incidents. To facilitate incident reporting, the NCUA is also enclosing a cyber incident reporting quick reference guide.
« Return to "Latest News" Go to main navigation