Share This Page

Cybersecurity Preparedness Resource

October 19, 2018 / Source: FDIC

Financial Institution Letters

FIL-63-2018
October 19, 2018

Cybersecurity Preparedness Resource

Printable Format: FIL-63-2018 – PDF (PDF Help)

Summary:

As part of the FDIC's Community Banking Initiative, the agency is adding to its cybersecurity awareness resources for financial institutions. This includes two new vignettes for the Cyber Challenge, which consists of exercises that are intended to encourage discussions of operational risk issues and the potential impact of information technology disruptions on common banking functions.

Statement of Applicability to Institutions under $1 Billion in Total Assets: This Financial Institution Letter is applicable to all FDIC-supervised insured depository institutions.

Highlights:

Community financial institutions may be exposed to operational risks through internal or external events ranging from cyber attacks to natural disasters. Operational risks can threaten an institution's ability to conduct basic business operations, impact its customer service, and tarnish its reputation. To help community financial institutions assess and prepare for these risks the FDIC is expanding its Cyber Challenge exercise offering atwww.fdic.gov/regulations/resources/director/technical/cyber/purpose.html.

  • Cyber Challenge facilitates discussion between financial institution management and staff about operational risk issues. The exercises are designed to provide valuable information about an institution's current state of preparedness and identify opportunities to strengthen resilience to operational risk. The first Cyber Challenge videos and supporting discussion materials were released in early 2014, with three additional scenarios released in 2016. All the material is available at the Directors' Resource Center.
  • Cyber Challenge now consists of:
    • Nine scenarios presented through short video vignettes;
    • Associated challenge questions;
    • Reference materials; and
    • An instructional guide.
  • Cyber Challenge is not a regulatory requirement; rather, it is an optional resource that may assist financial institutions in strengthening their resilience to operational risk. Cyber Challenge is available at www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html.

Distribution:

FDIC-Supervised Financial Institutions

Suggested Routing:

Chief Executive Officer

Executive Officers

Chief Information Security Officer

Risk Officers

Related Topics:

FFIEC Cybersecurity Assessment Tool

FFIEC Business Continuity Planning Booklet

FFIEC Information Security Booklet

Attachment:

None

Contact:

James O. Brignac, Senior Specialist Critical Infrastructure Protection [email protected] (202) 898-3946

Marlene M. Roberts, Senior Specialist Critical Infrastructure Protection [email protected] (703) 254-0465

Note:

FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's website at www.fdic.gov/news/news/financial/2018/.

To receive FILs electronically, please visit www.fdic.gov/about/subscriptions/fil.html.

Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E 1002, Arlington, VA 22226 (877-275-3342 or 703-562-2200).