Financial Institution Letters
October 19, 2018
Cybersecurity Preparedness Resource
As part of the FDIC's Community Banking Initiative, the agency is adding to its cybersecurity awareness resources for financial institutions. This includes two new vignettes for the Cyber Challenge, which consists of exercises that are intended to encourage discussions of operational risk issues and the potential impact of information technology disruptions on common banking functions.
Statement of Applicability to Institutions under $1 Billion in Total Assets: This Financial Institution Letter is applicable to all FDIC-supervised insured depository institutions.
Community financial institutions may be exposed to operational risks through internal or external events ranging from cyber attacks to natural disasters. Operational risks can threaten an institution's ability to conduct basic business operations, impact its customer service, and tarnish its reputation. To help community financial institutions assess and prepare for these risks the FDIC is expanding its Cyber Challenge exercise offering at www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html.
- Cyber Challenge facilitates discussion between financial institution management and staff about operational risk issues. The exercises are designed to provide valuable information about an institution's current state of preparedness and identify opportunities to strengthen resilience to operational risk. The first Cyber Challenge videos and supporting discussion materials were released in early 2014, with three additional scenarios released in 2016. All the material is available at the Directors' Resource Center.
- Cyber Challenge now consists of:
- Nine scenarios presented through short video vignettes;
- Associated challenge questions;
- Reference materials; and
- An instructional guide.
- Cyber Challenge is not a regulatory requirement; rather, it is an optional resource that may assist financial institutions in strengthening their resilience to operational risk. Cyber Challenge is available at www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html.
- FDIC-Supervised Financial Institutions
- Chief Executive Officer
- Executive Officers
- Chief Information Security Officer
- Risk Officers
- FFIEC Cybersecurity Assessment Tool
- FFIEC Business Continuity Planning Booklet
- FFIEC Information Security Booklet
- James O. Brignac, Senior Specialist Critical Infrastructure Protection JBrignac@fdic.gov (202) 898-3946
- Marlene M. Roberts, Senior Specialist Critical Infrastructure Protection MarRoberts@fdic.gov (703) 254-0465
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's website at www.fdic.gov/news/news/financial/2018/.
To receive FILs electronically, please visit www.fdic.gov/about/subscriptions/fil.html.
Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E 1002, Arlington, VA 22226 (877-275-3342 or 703-562-2200).