As the last remnants of the summer heat start to fade, the days become shorter, and the bright green of the trees fades to orange, not only are we signaling the start of autumn, but we are also welcoming October, which is National Cybersecurity Awareness Month here in the US.

Now entering its 21st year, National Cybersecurity Awareness Month was originally started in 2004 as a joint effort between the Department of Homeland Security and the National Cybersecurity Alliance to increase the overall knowledge, awareness, and cybersafety of Americans, as the number of cyberattacks increases every year.

While the intention and ultimate goal of the month remains the same over time, each year highlights a different theme for participants to focus on. According to the founders of the event, this year’s theme is “Building a Cyber Strong America, highlighting the need to strengthen the country’s infrastructure against cyber threats, ensuring resilience and security.”

Credit unions should feel a particular connection to this year’s theme, as cooperative financial institutions are critical infrastructure that millions of Americans depend on. Their financial wellness and access to financial services depend on credit unions’ ability to remain cybersecure and support their members in doing so as well.

Cybersecurity risks in 2025

Cybersecurity threats and costs tragically only increse year over year, targeting both individuals and businesses. In 2024 alone, consumers lost $27.2 billion to identity fraud, and 43% of businesses lost existing customers because of cyberattacks, according to Javelin Strategy & Research’s 2025 and The Hiscox Cyber Readiness Report 2024, respectively.

Members trust and rely on their credit union to protect them and their finances. If a member is a victim of a cyberattack, the credit union’s response and support will be critical in determining the future relationship between the member and the credit union. At the same time, if the credit union is the victim of an attack and is not prepared, trust between the credit union and its members can be eroded, resulting in lost memberships.

This is why participation in Cybersecurity Awareness Month should be nonoptional for credit unions. While perhaps not quite as exciting as the spooky festivities normally associated with the month of October, Cybersecurity Month offers credit unions the perfect opportunity to educate members on the latest cyber threats and the newest methods bad actors are employing, as well as beefing up the credit union’s own cybersecurity through training and a reassessment of current measures.

To let the month go by without taking action would be a disservice to the movement as a whole. So what then should credit unions focus on throughout October?

Education and training efforts

As always, member education is a critical part of the month to ensure the security of both the credit union and its members. While the 0verall ciriculum of Cybersecurity month is often the same, focusing on constant threats as well as tried and true cybersecurity advice such as online safety, password hygiene, not clicking suspicious links, etc., credit unions should take care to also focus on new and emerging threats to member safety.

Of course, don’t forget about those classic cybersecurity lessons entirely, but hopefully by now, most of your members are aware of them. Instead, call attention to new scams and methods they might still be trying to figure out.

Given the rapid development of artificial intelligence over the last few years and the rise of associated AI scams, which capitalize on AI’s ability to create error-free communication, mimic real human interactions, and recreate real voices, thus more easily deceiving members into giving out their information, the topic should be a frontrunner for this year’s education.

What are some of the most prominent AI scams going around right now? How can members spot the difference between real credit union communications and AI? What should they do if they’re not sure? We’ll delve into the topic of AI fraud much deeper throughout Cybersecurity Month, but in the meantime, education efforts on this front are something your credit union should begin investigating.

But education efforts should not be limited to your members; your staff is also a key aspect of the credit union’s overall cybersecurity plan. Employees are just as likely to fall prey to scams or cyber threats as your members, and if they do so from inside the credit union network, they could put the whole system at risk. Staff training and awareness should be a year-round endeavor, but October can serve as an opportunity to reassess current plans, remind staff, and pull out deeper training exercises.

For example, when was the last time you reviewed the cybersecurity section of your business continuity plan and updated it? Has the cybersecurity landscape and new technologies, such as AI, rendered it in need of new policies and procedures? Is your staff up-to-date on the plan and aware of what steps should be taken in the event of a cyber incident? When was the last time your team conducted a tabletop exercise? There’s no better time than the present.

Are you members cybersecure?

Your credit union shouldn’t be waiting for October to inform members on evolving cybersecurity threats, nor to do these cybersecurity checks, but it’s also the perfect time to do so if you haven’t yet. If you’re looking for advice or ways to get started, you can check out our articles on the topic, and stay tuned, as we will be tackling the subject of cybersecurity all throughout October!