IDEAS home Printed from https://ideas.repec.org/p/imf/imfwpa/2025-085.html
   My bibliography  Save this paper

Using Simulations for Cyber Stress Testing Exercises

Author

Listed:
  • Mr. Tanai Khiaonarong
  • Kasperi N Korpinen
  • Emran Islam

Abstract

We demonstrate how computer-based simulations could support cyber stress testing exercises through a three-step framework. First, cyber-attack scenarios are designed to target the systemic nodes of a payment network at different times, disrupting a major bank, critical service provider, large-value payment system, and a foreign exchange settlement system. Second, the stress resulting from the scenarios is simulated using transaction-level data, and its impact is measured through a range of risk metrics. And third, cyber preparedness is discussed to identify effective practices that could strengthen the cyber resilience of the financial sector. The exercise provides insights into the main vulnerabilities of the financial sector and key transmission channels under plausible scenarios that necessitate preemptive action and recovery and response measures. For example, simulation results for Finnish data suggest that end-of-day liquidity risk is most severe when a cyber-attack hits a major bank or several banks simultaneously through dependence on a common critical service provider, compared to an attack on a centralized payment system where effective queuing and liquidity-saving mechanisms can better support recovery. Outcomes could be aggravated under more severe and prolonged scenarios.

Suggested Citation

  • Mr. Tanai Khiaonarong & Kasperi N Korpinen & Emran Islam, 2025. "Using Simulations for Cyber Stress Testing Exercises," IMF Working Papers 2025/085, International Monetary Fund.
    • Handle: RePEc:imf:imfwpa:2025/085
    as

    Download full text from publisher

    File URL: http://www.imf.org/external/pubs/cat/longres.aspx?sk=566489
    Download Restriction: no
    ---><---

    More about this item

    Keywords

    Cyber Resilience; Stress Testing; Simulation; cyber-attack scenario; simulation result; end-of-day liquidity risk; liquidity-saving mechanism; risk metrics; Liquidity; Payment systems; Cyber risk; Financial sector stability; Global;
    All these keywords.

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:imf:imfwpa:2025/085. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Akshay Modi (email available below). General contact details of provider: https://edirc.repec.org/data/imfffus.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.