
PODCAST: The Future of the FFIEC Cybersecurity Assessment Tool with LBMC's Jason Riddle




The Federal Financial Institutions Examination Council’s cybersecurity assessment tool is having a big impact on small banks and how they address cybersecurity.

In June 2015, the FFIEC released its cybersecurity assessment tool, which provides a mechanism for banks to self-examine information security programs based on risk to operations. The assessment provides a standard means of evaluating security programs in banks. The tool can be particularly useful in banks with assets under $1 billion – which often lack in-house cybersecurity resources.

“Obviously cybersecurity is a huge problem right now. We’ve seen things like wire fraud attacks, which aren’t terribly high-tech but definitely impact the banking industry, although the targets are oftentimes the bank’s customers,” said Jason Riddle, partner in the Managed Security Services division of LBMC Information Security.

While completing the assessment tool is not currently mandatory, it is highly encouraged and increasingly expected by examiners, who typically expect institutions to have completed the baseline controls and may ask organizations to perform further assessments based on the results.

The design and content of the FFIEC’s assessment tool take cues from several other cybersecurity frameworks. And while the banking industry is known for its regulatory oversight and industry focus on cybersecurity, this relatively new tool is expected to give examiners a consistent measuring stick for evaluating cybersecurity risk – especially in institutions with less than $1B in assets.

“The gist is, you should be doing this, if not already,” Riddle said.

To find out more about the FFIEC’s cybersecurity assessment tool, find it online here, visit or get in touch with Jason Riddle directly at