Skip Header
U.S. flag

An official website of the United States government

Directors' Resource Center
Technical Assistance Video Program

Cyber Challenge: A Community Bank Cyber Exercise

Cyber Challenge screen capture.

The FDIC created “Cyber Challenge:  A Community Bank Cyber Exercise” to encourage community financial institutions to discuss operational risk issues and the potential impact of information technology disruptions on common banking functions. 

Using nine unique scenarios, the Cyber Challenge helps start an important dialogue among bank management and staff about ways they address operational risk today and techniques they can use to mitigate this risk in the future. The Cyber Challenge is not a regulatory requirement; it is a technical assistance tool designed to help assess operational readiness.


Financial institution management is typically well versed in addressing traditional banking risks such as interest rate, liquidity, and credit risk. Addressing certain operational risks, however, may be more challenging, since threats to information technology and related operations of banks are increasing and evolving.

Community financial institutions may be exposed to operational risk through internal or external events ranging from cyber attacks to natural disasters. Regardless of the cause, operational risks can threaten an institution’s ability to conduct basic business operations, affect its customer service, and tarnish its reputation.


The Cyber Challenge is designed to help financial institution management and staff discuss events that may present operational risks and consider ways to mitigate them. It can provide useful information about an institution’s preparedness and identify opportunities to strengthen the bank’s resilience to operational risk.

Overview of the Exercise

The Cyber Challenge consists of nine short video vignettes and related challenge questions. Each video vignette depicts a unique scenario. The challenge questions for each vignette are designed to help bank management and staff think about how they would respond to the scenarios. Also included are lists of reference materials participants can turn to for more information.

Suggested Guidelines and Ground Rules

Institutions may use a free-flowing or facilitated discussion of the vignettes. Here are guidelines for organizing a discussion and suggested ground rules. Participants in the Cyber Challenge should treat it as a data-gathering event and follow a non-attribution policy. Participants may want to record their discussions during the exercise to help compile lessons learned and identify areas for improvement.