Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.
Financial Institution Letter
Cybersecurity Preparedness Resource
October 19, 2018
Notes
 

Summary:

As part of the FDIC's Community Banking Initiative, the agency is adding to its cybersecurity awareness resources for financial institutions. This includes two new vignettes for the Cyber Challenge , which consists of exercises that are intended to encourage discussions of operational risk issues and the potential impact of information technology disruptions on common banking functions.

Statement of Applicability to Institutions under $1 Billion in Total Assets: This Financial Institution Letter is applicable to all FDIC-supervised insured depository institutions.

Highlights:

Community financial institutions may be exposed to operational risks through internal or external events ranging from cyber attacks to natural disasters. Operational risks can threaten an institution's ability to conduct basic business operations, impact its customer service, and tarnish its reputation. To help community financial institutions assess and prepare for these risks the FDIC is expanding its Cyber Challenge exercise offering at www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html .

  • Cyber Challenge facilitates discussion between financial institution management and staff about operational risk issues. The exercises are designed to provide valuable information about an institution's current state of preparedness and identify opportunities to strengthen resilience to operational risk. The first Cyber Challenge videos and supporting discussion materials were released in early 2014, with three additional scenarios released in 2016. All the material is available at the Directors' Resource Center.
  • Cyber Challenge now consists of:
    • Nine scenarios presented through short video vignettes;
    • Associated challenge questions;
    • Reference materials; and
    • An instructional guide.
  • Cyber Challenge is not a regulatory requirement; rather, it is an optional resource that may assist financial institutions in strengthening their resilience to operational risk. Cyber Challenge is available at www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html .

Distribution:

  • FDIC-Supervised Financial Institutions

Suggested Routing:

  • Chief Executive Officer
  • Executive Officers
  • Chief Information Security Officer
  • Risk Officers

Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E 1002, Arlington, VA 22226 (877-275-3342 or 703-562-2200).

FIL-63-2018
Attachments
FFIEC Cybersecurity Assessment Tool
FFIEC Business Continuity Planning Booklet
FFIEC Information Security Booklet
Last Updated: October 19, 2018