Oct 21 2021

The State of IT Infrastructure and Cybersecurity — Insights & Self-Assessment for Credit Unions, 2021

Report  
Number  
547

This brief summarizes a survey on credit unions’ technology infrastructure and cybersecurity readiness and presents a prototype self-assessment tool that credit unions can take to begin identifying risks and opportunities as they proceed along their infrastructure and security journey.

Luis Dopico
Luis Dopico
Economist
Report Number 547

Executive Summary

Credit unions have complex views about the state of their technology infrastructure and cybersecurity. 93% report that they are compliant with IT regulations, but less than half believe their IT is up to date. And although most respondents surveyed were in early stages of identifying developments, very few had reached a transformational stage (17%).

To learn more, Filene partnered with Think|Stack to carry out extensive interviews with credit union and IT specialists, surveyed 59 credit union managers during May–June 2021, including largely CEOs, COOs, and VPs for IT, and hosted several co-creation and focus groups sessions to develop a cybersecurity self-assessment tool.

Credit Union Implications

Many credit unions appear to have a formalistic (or reactive) approach to IT and cybersecurity, focusing more on compliance and security (for which there are high self-reported values), but less on long-term or transformational investments (having successively lower values for infrastructure, personnel, and data analytics).

Users of the tool can readily benchmark their own results against those for other credit unions.

The accompanying self-assessment prototype tool (as a downloadable Excel file) provides a simple way to identify your credit union’s place along the technology infrastructure and cybersecurity continuum to help your credit union:

  • Guide internal discussions about IT and cybersecurity journeys,
  • Focus communications with IT and cybersecurity vendors, such as Think|Stack, and
  • Readily benchmark IT and cybersecurity attitudes and outcomes against survey participants.