Case Study
UK Credit Union: Transforming Cybersecurity Through Quantified Risk
UK Credit Union, a $1.6 billion institution serving over 112,000 members since 1937, struggled with a common challenge: translating fragmented cybersecurity data into business-relevant information that leadership could understand and act upon. After evaluating traditional GRC tools and spreadsheet-based approaches, they partnered with Rivial Security to unify their risk management efforts.
The results have been transformative—fundamentally changing how the credit union talks about cybersecurity, enabling the information security team to become its own department, and saving an estimated 12 hours during exam time through streamlined evidence gathering.
Mike Slone, Associate Vice President of Information Security
Overview
Financial Services (Credit Unions)
Kentucky
About UK Credit Union
UK Credit Union has served its members for nearly nine decades, building a reputation as a data-driven organization focused on providing clear, actionable insights to leadership. Mike Slone, Associate Vice President of Information Security, is responsible for reducing the impact of cyber incidents and providing leadership with data-driven insight into the credit union's cyber risk posture and program priorities.
The Challenge: Fragmented Data, Manual Effort
Before working with Rivial, UK Credit Union had all the right pieces in place—risk assessments, vulnerability data, and compliance activities—but they were spread across multiple tools with no unified view.
Key Pain Points
- Fragmented Data: Risk assessments, vulnerability data, and compliance activities were spread across multiple disconnected tools
- Translation Gap: Difficulty translating technical cybersecurity data into business-relevant information for leadership
- Manual Effort: Significant time spent manually pulling data together from various sources
- One-Size-Fits-All Tools: Traditional GRC solutions felt generic and weren't tailored to their environment or risk tolerance
- Limited Credit Union Focus: Hard to find tools specific to the credit union sphere that also addressed cybersecurity depth
"We were doing risk assessments, vulnerability data, compliance activities. All of that was in place and functioning, but they were spread across multiple tools," Slone explained. "Our biggest challenge was actually bringing all of that together and then translating that data into business-relevant information."
"We're real data-driven here at the credit union and just being able to provide that and find all that information in one single pane of glass has been a godsend."
"It's fundamentally changed how we're able to have those security conversations. It takes what can be considered a technical and kind of hard to understand topic and simplifies it in everyday communication that business leaders grasp and recognize."
Why UK Credit Union Chose Rivial
- Risk Quantification: Ability to express cyber risk in financial terms, not just high/medium/low scores
- Credit Union Specific: Designed with credit union needs and examiner expectations in mind
- Cybersecurity Depth: Goes deeper into cybersecurity than typical enterprise GRC tools
- Tailored Approach: Flexible enough to adapt to their unique environment and risk tolerance
- Community Connection: Access to information sharing among credit union security professionals
Smooth, Collaborative Implementation
The implementation process exceeded expectations.
Deep understanding: Rivial took time to understand UK Credit Union’s unique environment, provided unlimited training and support, and maintained clear communication throughout.
Structured but flexible:
"The process was structured, but it still was flexible. It allowed us to move quickly while still building something that felt tailored for our organization. I couldn't ask for more."
Key Results and Benefits
The most significant impact has been transforming how UK Credit Union communicates about cybersecurity across the organization.
- Financial Terms: Expressing cyber risk in dollar terms that leadership understands
- Cross-Department Impact: Showing how security decisions affect different departments
- Board Communication: Leadership can present clear, quantified risk data to the board
- Investment Justification: Direct ability to show impact of implementing solutions or tightening controls
"Being able to take high, medium, low scoring and put it into dollar terms that our leadership can see and the impact it's going to have across different departments has been a real change for us."
The ability to provide clear, data-driven insights helped elevate the entire information security function.
- Organizational Change: InfoSec transitioned from living under risk management to becoming its own department
- Leadership Buy-In: Data-driven approach won over senior leadership
- Strategic Recognition: Security now recognized as a strategic function, not just a compliance checkbox
"InfoSec has traditionally lived under our risk management department, but we've been able to actually transition to becoming our own department, our own entity now within the credit union."
Evidence gathering for audits and exams has been dramatically simplified.
- 12 Hours Saved: Estimated time savings during exam preparation
- Single Source: All evidence pulled from one platform instead of scrambling across tools
- Clean Exams: No major findings from examinations
- Team Appreciation: Feedback from colleagues on how much smoother exam time has become
"We've estimated that this year, around exam time, we probably saved around 12 hours of time, which has been appreciated across all teams."
The platform has brought repeatability and clarity to cybersecurity reporting—measuring maturity over time and enabling custom reports for supervisory audit committee presentations.
"Consistency and efficiency—those are two key terms I've been using as our partnership with Rivial has continued to mature. We can articulate that cyber risk and effectiveness in a repeatable way."
The Value of Partnership
What distinguishes the Rivial relationship is the genuine partnership that goes beyond a typical vendor arrangement—responsive communication, feedback incorporated into development, and feeling like an extension of the team.
"I feel like Rivial is an extension of our team and not just another vendor relationship that we have."
"I've even made some comments around the dashboarding and that was taken back to development. It just feels like a real partnership and not like an only-when-needed relationship."
Looking Ahead
UK Credit Union is expanding their partnership with Rivial in 2026, adding the vendor management module and an AI assessment module to address emerging technology risks.
"As a credit union, a lot of processes are with vendors. Being able to actually assess that the same stringent way that we assess our internal systems is going to be key to our future success."
Conclusion
For credit unions seeking to transform how they communicate cybersecurity risk to leadership, University of Kentucky Federal Credit Union's partnership with Rivial demonstrates what's possible. Through:
- Quantified risk in financial terms
- Fundamentally changed security conversations
- Streamlined exam preparation
- Consistency and efficiency in reporting
- A true partnership approach
Rivial has helped UK Credit Union gain clarity, efficiency, and strategic recognition for their cybersecurity program—while continuing to protect their 112,000+ members.
As Slone summarized: "Whatever bucket Rivial falls into, I can tell you that you will gain efficiency and clarity over all the data you have."


