IDEAS home Printed from https://ideas.repec.org/p/fip/fedgfe/2025-103.html
   My bibliography  Save this paper

Cyber Vulnerabilities at Large US Financial Institutions and Their Third-Party Service Providers

Author

Abstract

This paper examines cyber vulnerabilities across the 100 largest US banks, non-bank financial institutions (NBFIs), and their third-party service providers. Our analysis, based on a proprietary cyber risk analytics model, shows NBFIs exhibit greater cyber vulnerabilities than banks, though banks face larger relative losses from routine incidents. We identify third-party service providers as a hidden cyber fault line in the financial system, often having greater vulnerabilities than the institutions they serve and creating systemic risks. Scenario analyses of catastrophic cyber events targeting these providers reveal potential losses up to about 60 times larger than routine incidents for both large banks and large NBFIs, with business interruptions driving most losses. Our findings highlight the need for a holistic cyber risk management approach addressing both individual vulnerabilities and systemic risks from interconnectedness in the financial system.

Suggested Citation

  • Jin-Wook Chang & Jacob Dice & Shengwu Du & Adam Flury & Sam Jerow & Seung Jung Lee & Stacey L. Schreft & Craig Vandre, 2025. "Cyber Vulnerabilities at Large US Financial Institutions and Their Third-Party Service Providers," Finance and Economics Discussion Series 2025-103, Board of Governors of the Federal Reserve System (U.S.).
    • Handle: RePEc:fip:fedgfe:2025-103
    DOI: 10.17016/FEDS.2025.103
    as

    Download full text from publisher

    File URL: https://www.federalreserve.gov/econres/feds/files/2025103pap.pdf
    Download Restriction: no
    File URL: https://libkey.io/10.17016/FEDS.2025.103?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;

    JEL classification:

    • C15 - Mathematical and Quantitative Methods - - Econometric and Statistical Methods and Methodology: General - - - Statistical Simulation Methods: General
    • G20 - Financial Economics - - Financial Institutions and Services - - - General

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:fip:fedgfe:2025-103. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Ryan Wolfslayer ; Keisha Fournillier (email available below). General contact details of provider: https://edirc.repec.org/data/frbgvus.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.