IDEAS home Printed from https://ideas.repec.org/a/pal/risman/v22y2020i4d10.1057_s41283-020-00063-2.html
   My bibliography  Save this article

Cybersecurity hazards and financial system vulnerability: a synthesis of literature

Author

Listed:
  • Md. Hamid Uddin

    (University of Southampton, Malaysia Campus
    Taylor’s University)

  • Md. Hakim Ali

    (Taylor’s University)

  • Mohammad Kabir Hassan

    (University of New Orleans)

Abstract

In this paper, we provide a systematic review of the growing body of literature exploring the issues related to pervasive effects of cybersecurity risk on the financial system. As the cybersecurity risk has appeared as a significant threat to the financial sector, researchers and analysts are trying to understand this problem from different perspectives. There are plenty of documents providing conceptual discussions, technical analysis, and survey results, but empirical studies based on real data are yet limited. Besides, the international and national regulatory bodies suggest guidelines to help banks and financial institutions managing cyber risk exposure. In this paper, we synthesize relevant articles and policy documents on cybersecurity risk, focusing on the dimensions detrimental to the banking system’s vulnerability. Finally, we propose five new research avenues for consideration that may enhance our knowledge of cybersecurity risk and help practitioners develop a better cyber risk management framework.

Suggested Citation

  • Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    • Handle: RePEc:pal:risman:v:22:y:2020:i:4:d:10.1057_s41283-020-00063-2
    DOI: 10.1057/s41283-020-00063-2
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41283-020-00063-2
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1057/s41283-020-00063-2?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Iñaki Aldasoro & Leonardo Gambacorta & Paolo Giudici & Thomas Leach, 2020. "Operational and cyber risks in the financial sector," BIS Working Papers 840, Bank for International Settlements.
    2. Benaroch, Michel & Chernobai, Anna & Goldstein, James, 2012. "An internal control perspective on the market value consequences of IT operational risk events," International Journal of Accounting Information Systems, Elsevier, vol. 13(4), pages 357-381.
    3. Shinichi Kamiya & Jun-Koo Kang & Jungmin Kim & Andreas Milidonis & René M. Stulz, 2018. "What is the Impact of Successful Cyberattacks on Target Firms?," NBER Working Papers 24409, National Bureau of Economic Research, Inc.
    4. Diamond, Douglas W & Dybvig, Philip H, 1986. "Banking Theory, Deposit Insurance, and Bank Regulation," The Journal of Business, University of Chicago Press, vol. 59(1), pages 55-68, January.
    5. Shackelford, Scott J., 2012. "Should your firm invest in cyber risk insurance?," Business Horizons, Elsevier, vol. 55(4), pages 349-356.
    6. Robert G. King & Ross Levine, 1993. "Finance and Growth: Schumpeter Might Be Right," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 108(3), pages 717-737.
    7. Zephirin, M G, 1994. "Switching Costs in the Deposit Market," Economic Journal, Royal Economic Society, vol. 104(423), pages 455-461, March.
    8. Dufwenberg, Martin & Dufwenberg, Martin A., 2018. "Lies in disguise – A theoretical analysis of cheating," Journal of Economic Theory, Elsevier, vol. 175(C), pages 248-264.
    9. Scott, Susan V. & Van Reenen, John & Zachariadis, Markos, 2017. "The long-term effect of digital innovation on bank performance: An empirical study of SWIFT adoption in financial services," Research Policy, Elsevier, vol. 46(5), pages 984-1004.
    10. Abraham, Santhosh & Shrives, Philip J., 2014. "Improving the relevance of risk factor disclosure in corporate annual reports," The British Accounting Review, Elsevier, vol. 46(1), pages 91-107.
    11. S. E. Goodman & Rob Ramer, 2007. "Identify and Mitigate the Risks of Global IT Outsourcing," Journal of Global Information Technology Management, Taylor & Francis Journals, vol. 10(4), pages 1-6, October.
    12. Ari Hyytinen & Tuomas Takalo, 2002. "Enhancing Bank Transparency: A Re-assessment," Review of Finance, European Finance Association, vol. 6(3), pages 429-445.
    13. Berger, Allen N. & DeYoung, Robert, 1997. "Problem loans and cost efficiency in commercial banks," Journal of Banking & Finance, Elsevier, vol. 21(6), pages 849-870, June.
    14. Douglas W. Diamond & Philip H. Dybvig, 2000. "Bank runs, deposit insurance, and liquidity," Quarterly Review, Federal Reserve Bank of Minneapolis, vol. 24(Win), pages 14-23.
    15. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    16. Martin Eling & Martin Lehmann, 2018. "The Impact of Digitalization on the Insurance Value Chain and the Insurability of Risks," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(3), pages 359-396, July.
    17. Glaessner, Thomas & Kellermann, Tom & McNevin, Valerie, 2002. "Electronic security - risk mitigation in financial transactions : public policy issues," Policy Research Working Paper Series 2870, The World Bank.
    18. Teece, David J., 2018. "Profiting from innovation in the digital economy: Enabling technologies, standards, and licensing models in the wireless world," Research Policy, Elsevier, vol. 47(8), pages 1367-1387.
    19. Allen, Franklin & Gale, Douglas, 2004. "Competition and Financial Stability," Journal of Money, Credit and Banking, Blackwell Publishing, vol. 36(3), pages 453-480, June.
    20. Luis Filipe Lages, 2016. "VCW—Value Creation Wheel: Innovation, technology, business, and society," Nova SBE Working Paper Series wp600, Universidade Nova de Lisboa, Nova School of Business and Economics.
    21. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    22. Saini Das & Arunabha Mukhopadhyay & Manoj Anand, 2012. "Stock Market Response to Information Security Breach: A Study Using Firm and Attack Characteristics," Journal of Information Privacy and Security, Taylor & Francis Journals, vol. 8(4), pages 27-55, October.
    23. Randall E. Duran & Paul Griffin, 2020. "Smart contracts: will Fintech be the catalyst for the next global financial crisis?," Journal of Financial Regulation and Compliance, Emerald Group Publishing Limited, vol. 29(1), pages 104-122, January.
    24. Nadim Ahmad & Paul Schreyer, 2016. "Measuring GDP in a Digitalised Economy," OECD Statistics Working Papers 2016/7, OECD Publishing.
    25. Chauhan, Yogesh & Kumar, Surya B., 2018. "Do investors value the nonfinancial disclosure in emerging markets?," Emerging Markets Review, Elsevier, vol. 37(C), pages 32-46.
    26. Hsu, Audrey Wen-hsin & Pourjalali, Hamid & Song, Yi-Ju, 2018. "Fair value disclosures and crash risk," Journal of Contemporary Accounting and Economics, Elsevier, vol. 14(3), pages 358-372.
    27. Beccalli, Elena, 2007. "Does IT investment improve bank performance? Evidence from Europe," Journal of Banking & Finance, Elsevier, vol. 31(7), pages 2205-2230, July.
    28. Antoine Bouveret, 2018. "Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment," IMF Working Papers 2018/143, International Monetary Fund.
    29. Emanuel Kopp & Lincoln Kaffenberger & Christopher Wilson, 2017. "Cyber Risk, Market Failures, and Financial Stability," IMF Working Papers 2017/185, International Monetary Fund.
    30. King, Robert G. & Levine, Ross, 1993. "Finance, entrepreneurship and growth: Theory and evidence," Journal of Monetary Economics, Elsevier, vol. 32(3), pages 513-542, December.
    31. Casu, Barbara & Ferrari, Alessandra & Girardone, Claudia & Wilson, John O.S., 2016. "Integration, productivity and technological spillovers: Evidence for eurozone banking industries," European Journal of Operational Research, Elsevier, vol. 255(3), pages 971-983.
    32. Moore, Tyler, 2010. "The economics of cybersecurity: Principles and policy options," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(3), pages 103-117.
    33. Aleda V. Roth & William E. Jackson, III, 1995. "Strategic Determinants of Service Quality and Performance: Evidence from the Banking Industry," Management Science, INFORMS, vol. 41(11), pages 1720-1733, November.
    34. Kunreuther, Howard & Heal, Geoffrey, 2003. "Interdependent Security," Journal of Risk and Uncertainty, Springer, vol. 26(2-3), pages 231-249, March-May.
    35. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    36. Lages, Luis Filipe, 2016. "VCW—Value Creation Wheel: Innovation, technology, business, and society," Journal of Business Research, Elsevier, vol. 69(11), pages 4849-4855.
    37. Lagazio, Monica & Sherif, Nazneen & Cushman, Mike, 2014. "A multi-level approach to understanding the impact of cyber crime on the financial sector," LSE Research Online Documents on Economics 57000, London School of Economics and Political Science, LSE Library.
    38. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    39. Abdur Chowdhury, 2003. "Information technology and productivity payoff in the banking industry: evidence from the emerging markets," Journal of International Development, John Wiley & Sons, Ltd., vol. 15(6), pages 693-708.
    40. Philip M. Linsley & Philip J. Shrives, 2005. "Transparency and the disclosure of risk information in the banking sector," Journal of Financial Regulation and Compliance, Emerald Group Publishing, vol. 13(3), pages 205-214, July.
    41. Young, Derek & Lopez, Juan & Rice, Mason & Ramsey, Benjamin & McTasney, Robert, 2016. "A framework for incorporating insurance in critical infrastructure cyber risk strategies," International Journal of Critical Infrastructure Protection, Elsevier, vol. 14(C), pages 43-57.
    42. Lavinia Mihaela Gutu, 2014. "The impact of Internet technology on the Romanian banks performance," Proceedings of International Academic Conferences 0702397, International Institute of Social and Economic Sciences.
    43. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William & Sohail, Tashfeen, 2006. "The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities," Journal of Accounting and Public Policy, Elsevier, vol. 25(5), pages 503-530.
    44. Jordan, John S. & Peek, Joe & Rosengren, Eric S., 2000. "The Market Reaction to the Disclosure of Supervisory Actions: Implications for Bank Transparency," Journal of Financial Intermediation, Elsevier, vol. 9(3), pages 298-319, July.
    45. Chen Peng & Maochao Xu & Shouhuai Xu & Taizhong Hu, 2017. "Modeling and predicting extreme cyber attack rates via marked point processes," Journal of Applied Statistics, Taylor & Francis Journals, vol. 44(14), pages 2534-2563, October.
    46. S J Ho & S K Mallick, 2010. "The impact of information technology on the banking industry," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 61(2), pages 211-221, February.
    47. Kwast, Myron L. & Rose, John T., 1982. "Pricing, operating efficiency, and profitability among large commercial banks," Journal of Banking & Finance, Elsevier, vol. 6(2), pages 233-254, June.
    48. Koetter, Michael & Poghosyan, Tigran, 2009. "The identification of technology regimes in banking: Implications for the market power-fragility nexus," Journal of Banking & Finance, Elsevier, vol. 33(8), pages 1413-1422, August.
    49. Kox, Henk L.M., 2013. "Cybersecurity in the perspective of Internet traffic growth," MPRA Paper 47883, University Library of Munich, Germany.
    50. Kevin M. Gatzlaff & Kathleen A. McCullough, 2010. "The Effect of Data Breaches on Shareholder Wealth," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 13(1), pages 61-83, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    2. Pierre-François Blin & Trias Aditya & Purnama Budi Santosa & Christophe Claramunt, 2023. "A Methodological Approach towards Cyber Risk Management in Land Administrations Systems," Land, MDPI, vol. 13(1), pages 1-17, December.
    3. Martin Eling & Kwangmin Jung, 2022. "Heterogeneity in cyber loss severity and its impact on cyber risk measurement," Risk Management, Palgrave Macmillan, vol. 24(4), pages 273-297, December.
    4. Kausar Yasmeen & Muhammad Adnan, 2023. "Zero-day and zero-click attacks on digital banking: a comprehensive review of double trouble," Risk Management, Palgrave Macmillan, vol. 25(4), pages 1-24, December.
    5. Berlilana & Tim Noparumpa & Athapol Ruangkanjanases & Taqwa Hariguna & Sarmini, 2021. "Organization Benefit as an Outcome of Organizational Security Adoption: The Role of Cyber Security Readiness and Technology Readiness," Sustainability, MDPI, vol. 13(24), pages 1-20, December.
    6. Jin, Justin & Li, Na & Liu, Suyi & Khalid Nainar, S.M., 2023. "Cyber attacks, discretionary loan loss provisions, and banks’ earnings management," Finance Research Letters, Elsevier, vol. 54(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    2. Uddin, Md Hamid & Mollah, Sabur & Ali, Md Hakim, 2020. "Does cyber tech spending matter for bank stability?," International Review of Financial Analysis, Elsevier, vol. 72(C).
    3. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    4. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    5. Yin-Yee Leong & Yen-Chih Chen, 2020. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 737-759, October.
    6. Yin-Yee Leong & Yen-Chih Chen, 0. "Cyber risk cost and management in IoT devices-linked health insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-23.
    7. Dirk Wrede & Tino Stegen & Johann-Matthias Schulenburg, 2020. "Affirmative and silent cyber coverage in traditional insurance policies: Qualitative content analysis of selected insurance products from the German insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 657-689, October.
    8. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    9. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    10. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    11. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    12. Anum Khan & Muhammad Shujaat Mubarik & Navaz Naghavi, 2023. "What matters for financial inclusions? Evidence from emerging economy," International Journal of Finance & Economics, John Wiley & Sons, Ltd., vol. 28(1), pages 821-838, January.
    13. Beck, T.H.L., 2011. "The Role of Finance in Economic Development : Benefits, Risks, and Politics," Discussion Paper 2011-141, Tilburg University, Center for Economic Research.
    14. Martin Eling & Kwangmin Jung, 2022. "Heterogeneity in cyber loss severity and its impact on cyber risk measurement," Risk Management, Palgrave Macmillan, vol. 24(4), pages 273-297, December.
    15. Anand, Kartik & Duley, Chanelle & Gai, Prasanna, 2022. "Cybersecurity and financial stability," Discussion Papers 08/2022, Deutsche Bundesbank.
    16. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    17. Michael McShane & Trung Nguyen, 0. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-36.
    18. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    19. Crosignani, Matteo & Macchiavelli, Marco & Silva, André F., 2023. "Pirates without borders: The propagation of cyberattacks through firms’ supply chains," Journal of Financial Economics, Elsevier, vol. 147(2), pages 432-448.
    20. Iñaki Aldasoro & Leonardo Gambacorta & Paolo Giudici & Thomas Leach, 2020. "Operational and cyber risks in the financial sector," BIS Working Papers 840, Bank for International Settlements.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:risman:v:22:y:2020:i:4:d:10.1057_s41283-020-00063-2. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.