Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment

Cyber risk has emerged as a key threat to financial stability, following recent attacks on financial institutions. This paper presents a novel documentation of cyber risk around the world for financial institutions by analyzing the different types of cyber incidents (data breaches, fraud and business disruption) and identifying patterns using a variety of datasets. The other novel contribution that is outlined is a quantitative framework to assess cyber risk for the financial sector. The framework draws on a standard VaR type framework used to assess various types of stability risk and can be easily applied at the individual country level. The framework is applied in this paper to the available cross-country data and yields illustrative aggregated losses for the financial sector in the sample across a variety of scenarios ranging from 10 to 30 percent of net income.

[1]  Carl Scarrott,et al.  A Review of Extreme Value Threshold Estimation and Uncertainty Quantification , 2012 .

[2]  Udi E. Makov,et al.  Principal Applications of Bayesian Methods in Actuarial Science , 2001 .

[3]  Lisa Young,et al.  A Taxonomy of Operational Cyber Security Risks , 2010 .

[4]  R. Fisher,et al.  Introduction to Statistical Modelling of Extreme Values , 2019 .

[5]  Markus Riek,et al.  A Fundamental Approach to Cyber Risk Analysis , 2018 .

[6]  Tyler Moore,et al.  Measuring the Cost of Cybercrime , 2012, WEIS.

[7]  Yang Hu,et al.  evmix: An R package for Extreme Value Mixture Modeling, Threshold Estimation and Boundary Corrected Kernel Density Estimation , 2018 .

[8]  Gareth W. Peters,et al.  Fundamental Aspects of Operational Risk and Insurance Analytics: A Handbook of Operational Risk , 2015 .

[9]  Pavel V. Shevchenko,et al.  Calculation of aggregate loss distributions , 2010, 1008.1108.

[10]  A. McNeil,et al.  Common Poisson Shock Models: Applications to Insurance and Credit Risk Modelling , 2003, ASTIN Bulletin.

[11]  Martin Eling,et al.  Cyber Risk: Too Big to Insure? Risk Transfer Options for a Mercurial Risk Class , 2016 .

[12]  David Bholat,et al.  Text Mining for Central Banks , 2015 .

[13]  Emily Mossburg,et al.  Beneath the surface of a cyberattack: a deeper look at business impacts , 2016 .

[14]  Emanuel Kopp,et al.  Cyber Risk, Market Failures, and Financial Stability , 2017, SSRN Electronic Journal.

[15]  Sasha Romanosky,et al.  Examining the costs and causes of cyber incidents , 2016, J. Cybersecur..

[16]  Martin Eling,et al.  Insurability of Cyber Risk: An Empirical Analysis , 2014, The Geneva Papers on Risk and Insurance - Issues and Practice.

[17]  Christian Hess The impact of the financial crisis on operational risk in the financial services industry: empirical evidence , 2011 .