Friday , May 29 2020
Home / Bank of International Settlement / The drivers of cyber risk

The drivers of cyber risk

Summary:
BIS Working Papers  |  No 865  |  20 May 2020 by  Iñaki Aldasoro, Leonardo Gambacorta, Paolo Giudici and Thomas Leach PDF full text (684kb)  |  45 pages Focus Information technology (IT) has become indispensable, underpinning economic growth over the past decades. As organisations of all sizes in both the public and private sector become ever more interconnected and reliant on IT products and services such as cloud-based systems and artificial intelligence, they are increasingly exposed to cyber risks - the risk of financial loss,

Topics:
International Settlement considers the following as important:

This could be interesting, too:

Amol Agrawal writes Prof Jeemol Unni Webinar on “Impact of COVID19 Lockdown on the Informal Economy”:

Amol Agrawal writes Webinar with Montek Ahluwalia and D Subbarao: Indian Economy – Navigating Through A Crisis

FRED Blog writes The GDP of Washington, DC : The FRED Blog’s 600th post

Louise Egan writes Update: Bank of Canada asks retailers to continue accepting cash

BIS Working Papers  |  No 865  | 
20 May 2020
PDF full text
 (684kb)
 |  45 pages

Focus

Information technology (IT) has become indispensable, underpinning economic growth over the past decades. As organisations of all sizes in both the public and private sector become ever more interconnected and reliant on IT products and services such as cloud-based systems and artificial intelligence, they are increasingly exposed to cyber risks - the risk of financial loss, disruption or reputational damage to an organisation resulting from the failure of its IT systems. These episodes include malicious cyber incidents (cyber attacks) where the threat actor intends to do harm (eg ransomware attacks, hacking incidents or data theft by employees).

Contribution

Cyber incidents are becoming more sophisticated and their costs difficult to quantify. Using a unique database of more than 100,000 cyber events across sectors, we first document the characteristics of cyber incidents and obtain some stylised facts. The richness of the database also lets us examine the relationship between firm-, sector- and event-specific characteristics, and the relative cost of cyber events.

Findings

Cyber costs are higher for larger firms and for incidents that affect several organisations at once. The financial sector incurs a larger number of cyber attacks but suffers lower costs, on average, because of its greater investment in IT security. The use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. By contrast, as cloud providers become systemically important, cloud dependence is likely to increase tail risks. Crypto-related activities, which are largely unregulated, are particularly vulnerable to cyber attacks.


Abstract

Cyber incidents are becoming more sophisticated and their costs difficult to quantify. Using a unique database of more than 100,000 cyber events across sectors, we document the characteristics of cyber incidents. Cyber costs are higher for larger firms and for incidents that impact several organisations simultaneously. The financial sector is exposed to a larger number of cyber attacks but suffers lower costs, on average, thanks to proportionately greater investment in information technology (IT) security. The use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. As cloud providers become systemically important, cloud dependence is likely to increase tail risks. Crypto-related activities, which are largely unregulated, are particularly vulnerable to cyber attacks.

JEL classification: D5, D62, D82, G2, H41

Keywords: cyber risk, cloud services, financial institutions, bitcoin, cryptocurrencies, cyber cost, cyber regulation

International Settlement
The Bank for International Settlements (BIS) is an international company limited by shares owned by central banks which "fosters international monetary and financial cooperation and serves as a bank for central banks". The BIS carries out its work through subcommittees, the secretariats it hosts and through an annual general meeting of all member banks. It also provides banking services, but only to central banks and other international organizations. It is based in Basel, Switzerland, with representative offices in Hong Kong and Mexico City.

Leave a Reply

Your email address will not be published. Required fields are marked *