IDEAS home Printed from https://ideas.repec.org/a/eee/finsta/v60y2022ics1572308922000171.html
   My bibliography  Save this article

The drivers of cyber risk

Author

Listed:
  • Aldasoro, Iñaki
  • Gambacorta, Leonardo
  • Giudici, Paolo
  • Leach, Thomas

Abstract

Cyber incidents are becoming more sophisticated and their costs difficult to quantify. Using a unique database of cyber events across sectors in the US, we document the characteristics and drivers of cyber incidents. Cyber costs are higher for larger firms and for incidents that impact several organisations simultaneously. Events with malicious intent (i.e. cyber attacks) tend to be less costly, unless they are on the upper tail of the loss distribution. The financial sector is exposed to a larger number of cyber attacks but suffers lower costs, on average. The use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. As cloud providers become systemically important, cloud dependence is likely to increase tail risks. Finally, we document that higher expenditure on IT is associated with future reduced costs from cyber incidents.

Suggested Citation

  • Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    • Handle: RePEc:eee:finsta:v:60:y:2022:i:c:s1572308922000171
    DOI: 10.1016/j.jfs.2022.100989
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1572308922000171
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.jfs.2022.100989?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to look for a different version below or search for a different version of it.

    Other versions of this item:

    References listed on IDEAS

    as
    1. Iñaki Aldasoro & Leonardo Gambacorta & Paolo Giudici & Thomas Leach, 2023. "Operational and Cyber Risks in the Financial Sector," International Journal of Central Banking, International Journal of Central Banking, vol. 19(5), pages 340-402, December.
    2. Shinichi Kamiya & Jun-Koo Kang & Jungmin Kim & Andreas Milidonis & René M. Stulz, 2018. "What is the Impact of Successful Cyberattacks on Target Firms?," NBER Working Papers 24409, National Bureau of Economic Research, Inc.
    3. Len Umantsev & Victor Chernozhukov, 2001. "Conditional value-at-risk: Aspects of modeling and estimation," Empirical Economics, Springer, vol. 26(1), pages 271-292.
    4. Alberto Abadie & Susan Athey & Guido W Imbens & Jeffrey M Wooldridge, 2023. "When Should You Adjust Standard Errors for Clustering?," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 138(1), pages 1-35.
    5. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    6. Chernobai, Anna & Jorion, Philippe & Yu, Fan, 2011. "The Determinants of Operational Risk in U.S. Financial Institutions," Journal of Financial and Quantitative Analysis, Cambridge University Press, vol. 46(6), pages 1683-1725, December.
    7. A. Colin Cameron & Douglas L. Miller, 2015. "A Practitioner’s Guide to Cluster-Robust Inference," Journal of Human Resources, University of Wisconsin Press, vol. 50(2), pages 317-372.
    8. Réka Albert & Hawoong Jeong & Albert-László Barabási, 2000. "Error and attack tolerance of complex networks," Nature, Nature, vol. 406(6794), pages 378-382, July.
    9. Antoine Bouveret, 2018. "Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment," IMF Working Papers 2018/143, International Monetary Fund.
    10. Daron Acemoglu & Asuman Ozdaglar & Alireza Tahbaz-Salehi, 2015. "Systemic Risk and Stability in Financial Networks," American Economic Review, American Economic Association, vol. 105(2), pages 564-608, February.
    11. Cristian Roner & Claudia Di Caterina & Davide Ferrari, 2021. "Exponential Tilting for Zero-inflated Interval Regression with Applications to Cyber Security Survey Data," BEMPS - Bozen Economics & Management Paper Series BEMPS85, Faculty of Economics and Management at the Free University of Bozen.
    12. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    13. Anil K. Kashyap & Anne Wetherilt, 2019. "Some Principles for Regulating Cyber Risk," AEA Papers and Proceedings, American Economic Association, vol. 109, pages 482-487, May.
    14. Adrian Baldwin & Iffat Gheyas & Christos Ioannidis & David Pym & Julian Williams, 2017. "Contagion in cyber security attacks," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 68(7), pages 780-791, July.
    15. Eisenbach, Thomas M. & Kovner, Anna & Lee, Michael Junho, 2022. "Cyber risk and the U.S. financial system: A pre-mortem analysis," Journal of Financial Economics, Elsevier, vol. 145(3), pages 802-826.
    16. Filippo Curti & W. Scott Frame & Atanas Mihov, 2022. "Are the Largest Banking Organizations Operationally More Risky?," Journal of Money, Credit and Banking, Blackwell Publishing, vol. 54(5), pages 1223-1259, August.
    17. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    18. Kennedy, Peter E, 1981. "Estimation with Correctly Interpreted Dummy Variables in Semilogarithmic Equations [The Interpretation of Dummy Variables in Semilogarithmic Equations]," American Economic Review, American Economic Association, vol. 71(4), pages 801-801, September.
    19. Nikil Chande & Dennis Yanchus, 2019. "The Cyber Incident Landscape," Staff Analytical Notes 2019-32, Bank of Canada.
    20. repec:cup:jfinqa:v:46:y:2011:i:06:p:1683-1725_00 is not listed on IDEAS
    21. Andrew G. Haldane & Robert M. May, 2011. "Systemic risk in banking ecosystems," Nature, Nature, vol. 469(7330), pages 351-355, January.
    22. Emanuel Kopp & Lincoln Kaffenberger & Christopher Wilson, 2017. "Cyber Risk, Market Failures, and Financial Stability," IMF Working Papers 2017/185, International Monetary Fund.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    2. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    3. José Ramón Martínez Resano, 2022. "Digital resilience and financial stability. The quest for policy tools in the financial sector," Financial Stability Review, Banco de España, issue NOV.
    4. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    5. José Ramón Martínez Resano, 2022. "Digital resilience and financial stability. The quest for policy tools in the financial sector," Financial Stability Review, Banco de España, issue Autumn.
    6. Martin Boyer & Martin Eling, 2023. "New advances on cyber risk and cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 267-274, April.
    7. José Ramón Martínez Resano, 2022. "Digital resilience and financial stability. The quest for policy tools in the financial sector," Revista de Estabilidad Financiera, Banco de España, issue NOV.
    8. Iñaki Aldasoro & Leonardo Gambacorta & Paolo Giudici & Thomas Leach, 2023. "Operational and Cyber Risks in the Financial Sector," International Journal of Central Banking, International Journal of Central Banking, vol. 19(5), pages 340-402, December.
    9. Chris Florakis & Christodoulos Louca & Roni Michaely & Michael Weber, 2020. "Cybersecurity Risk," Working Papers 2020-178, Becker Friedman Institute for Research In Economics.
    10. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    11. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    12. Michel Alexandre & Gilberto Tadeu Lima & Luca Riccetti & Alberto Russo, 2023. "The financial network channel of monetary policy transmission: an agent-based model," Journal of Economic Interaction and Coordination, Springer;Society for Economic Science with Heterogeneous Interacting Agents, vol. 18(3), pages 533-571, July.
    13. Rustam Jamilov & Hélène Rey & Ahmed Tahoun, 2021. "The Anatomy of Cyber Risk," NBER Working Papers 28906, National Bureau of Economic Research, Inc.
    14. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    15. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    16. Anand, Kartik & Duley, Chanelle & Gai, Prasanna, 2022. "Cybersecurity and financial stability," Discussion Papers 08/2022, Deutsche Bundesbank.
    17. Matteo Smerlak & Brady Stoll & Agam Gupta & James S Magdanz, 2015. "Mapping Systemic Risk: Critical Degree and Failures Distribution in Financial Networks," PLOS ONE, Public Library of Science, vol. 10(7), pages 1-15, July.
    18. Hüser, Anne-Caroline, 2016. "Too interconnected to fail: A survey of the Interbank Networks literature," SAFE Working Paper Series 91, Leibniz Institute for Financial Research SAFE, revised 2016.
    19. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    20. Wang, Shaun S., 2019. "Integrated framework for information security investment and cyber insurance," Pacific-Basin Finance Journal, Elsevier, vol. 57(C).

    More about this item

    Keywords

    Cyber risk; Cloud services; Financial institutions; Cyber cost; Cyber regulation;
    All these keywords.

    JEL classification:

    • D5 - Microeconomics - - General Equilibrium and Disequilibrium
    • D62 - Microeconomics - - Welfare Economics - - - Externalities
    • D82 - Microeconomics - - Information, Knowledge, and Uncertainty - - - Asymmetric and Private Information; Mechanism Design
    • G2 - Financial Economics - - Financial Institutions and Services
    • H41 - Public Economics - - Publicly Provided Goods - - - Public Goods

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:finsta:v:60:y:2022:i:c:s1572308922000171. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/jfstabil .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.