Community Banks and IT Risk Management

As a result of its recent cybersecurity assessments of more than 500 community banks, the Federal Financial Institutions Examination Council will review and update guidance to help banking institutions address changing cyber-risks.

The financial infrastructure’s interconnectedness and increasing reliance on Internet-based systems and servers has opened the door for new cyberthreats.


Community banks need to ensure they are adequately and regularly assessing their risks, investing in risk-mitigation technologies, and educating staff about the increasing role cybersecurity plays in day-to-day business practices.


As part of a summary of general observations, the FFIEC recommends banking institutions take immediate steps to:


  • Ensure their board of directors and senior management understand their institutions’ cybersecurity risks.
  • Regularly discuss cybersecurity during meetings.
  • Monitor and maintain awareness of threats.
  • Manage connections with and to third parties.
  • Develop and test continuity and disaster recovery plans that incorporate cyber-incident scenarios.


All financial institutions need to give cybersecurity a high priority. Because of the continued evolution of cyber-attacks, community banks that regularly participate in cyber-intelligence sharing programs are better prepared to anticipate and mitigate cyber-risks. These banks are better equipped to enhance their existing controls and identify vulnerabilities in their systems. Until smaller institutions invest in advanced cyber-threat detection, prevention systems and tools, they will remain the proverbial low-hanging fruit for cybercrime.


The disparity in preparedness that the FFIEC found as part of its assessments, shows that cooperation among the nation’s largest institutions through organizations like the FS-ISAC has allowed them to stay abreast of and preemptively mitigate threats. This has yet to make front-page news and there are still thousands of banks that are not taking advantage of valuable information-sharing opportunities.


Is your bank holding up your end of the cybersecurity bargain? If you have questions about how you can protect your bank and your customers call ITPAC today.