IDEAS home Printed from https://ideas.repec.org/p/fip/fedgfe/2025-103.html

Cyber Vulnerabilities at Large US Financial Institutions and Their Third-Party Service Providers

Author

Abstract

This paper examines cyber vulnerabilities across the 100 largest US banks, non-bank financial institutions (NBFIs), and their third-party service providers. Our analysis, based on a proprietary cyber risk analytics model, shows NBFIs exhibit greater cyber vulnerabilities than banks, though banks face larger relative losses from routine incidents. We identify third-party service providers as a hidden cyber fault line in the financial system, often having greater vulnerabilities than the institutions they serve and creating systemic risks. Scenario analyses of catastrophic cyber events targeting these providers reveal potential losses up to about 60 times larger than routine incidents for both large banks and large NBFIs, with business interruptions driving most losses. Our findings highlight the need for a holistic cyber risk management approach addressing both individual vulnerabilities and systemic risks from interconnectedness in the financial system.

Suggested Citation

  • Jin-Wook Chang & Jacob Dice & Shengwu Du & Adam Flury & Sam Jerow & Seung Jung Lee & Stacey L. Schreft & Craig Vandre, 2025. "Cyber Vulnerabilities at Large US Financial Institutions and Their Third-Party Service Providers," Finance and Economics Discussion Series 2025-103, Board of Governors of the Federal Reserve System (U.S.).
    • Handle: RePEc:fip:fedgfe:2025-103
    DOI: 10.17016/FEDS.2025.103
    as

    Download full text from publisher

    File URL: https://www.federalreserve.gov/econres/feds/files/2025103pap.pdf
    Download Restriction: no
    File URL: https://libkey.io/10.17016/FEDS.2025.103?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Anneke Kosse & Zhentong Lu, . "Transmission of cyber risk through the Canadian wholesale payment system," Journal of Financial Market Infrastructures, Journal of Financial Market Infrastructures.
    2. Will Cong & Campbell Harvey & Daniel Rabetti & Zong-Yu Wu, 2025. "An Anatomy of Crypto-Enabled Cybercrimes," Management Science, INFORMS, vol. 71(4), pages 3622-3633, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. repec:osf:osfxxx:g2q5t_v1 is not listed on IDEAS
    2. Thomas M. Eisenbach & Anna Kovner & Michael Junho Lee, 2025. "When It Rains, It Pours: Cyber Vulnerability and Financial Conditions," Economic Policy Review, Federal Reserve Bank of New York, vol. 31(1), pages 1-24, January.
    3. Zhang, Luyao, 2023. "Machine Learning for Blockchain: Literature Review and Open Research Questions," OSF Preprints g2q5t, Center for Open Science.
    4. Helga Koo & Remco van der Molen & Robert Vermeulen & Ralph Verhoeks & Alessandro Pollastri, 2022. "A macroprudential perspective on cyber risk," Occasional Studies 2001, DNB.
    5. Ajit Desai & Jacob Sharples & Anneke Kosse, 2024. "Finding a needle in a haystack: a machine learning framework for anomaly detection in payment systems," IFC Bulletins chapters, in: Bank for International Settlements (ed.), Granular data: new horizons and challenges, volume 61, Bank for International Settlements.
    6. Yang, Ming-Yuan & Chen, Zhe-Kai & Hu, Jingwen & Chen, Yiru & Wu, Xin, 2025. "Multidimensional information spillover between cryptocurrencies and China’s financial markets under shocks from stringent government regulations," Journal of International Financial Markets, Institutions and Money, Elsevier, vol. 100(C).
    7. Aslanidis, Nektarios & Bariviera, Aurelio & Kapetanios, George & Sarafidis, Vasilis, 2025. "Heterogeneous Exposures to Systematic and Idiosyncratic Risk across Crypto Assets: A Divide-and-Conquer Approach," MPRA Paper 125124, University Library of Munich, Germany.
    8. Irving Fisher Committee, 2024. "Granular data: new horizons and challenges," IFC Bulletins, Bank for International Settlements, number 61.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;

    JEL classification:

    • C15 - Mathematical and Quantitative Methods - - Econometric and Statistical Methods and Methodology: General - - - Statistical Simulation Methods: General
    • G20 - Financial Economics - - Financial Institutions and Services - - - General

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:fip:fedgfe:2025-103. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Ryan Wolfslayer ; Keisha Fournillier (email available below). General contact details of provider: https://edirc.repec.org/data/frbgvus.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.