Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter

Updated FFIEC Cybersecurity Resource Guide for Financial Institutions


On October 3, 2022, the Federal Financial Institutions Examination Council (FFIEC) announced an update to its 2018 Cybersecurity Resource Guide for Financial Institutions. The guide includes updated references and now includes ransomware–specific resources. The FDIC is amplifying this resource in recognition of Cybersecurity Awareness Month, which highlights the importance of safeguarding our Nation’s critical infrastructure from malicious cyber activity and protecting citizens and businesses from ransomware and other cyber attacks.

Statement of Applicability: The contents of, and material referenced in, this FIL apply to all FDIC-insured financial institutions.


  • Financial institutions and their service providers should remain vigilant in addressing cyber risk.
  • The FFIEC updated its October 2018 Cybersecurity Resource Guide for Financial Institutions.
  • The purpose of this guide is to help financial institutions meet their security control objectives and prepare to respond to cyber incidents.
  • The updated resource guide now includes ransomware-specific resources to address the ongoing threat of ransomware incidents.
  • For more information, including a link to the FFIEC Cybersecurity Awareness webpage, visit the FDIC Cybersecurity Resources webpage.
Related Topics
Information Technology
Last Updated: October 27, 2022