cyber risk as systemic risk
play

Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre - PowerPoint PPT Presentation

Jan 02, 2024 •96 likes •351 views

Introduction Systemic Risk Cyber as systemic Conclusion Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics www.systemicrisk.ac.uk June 10 th 2016 Introduction Systemic Risk Cyber as systemic

  1. Introduction Systemic Risk Cyber as systemic Conclusion Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics www.systemicrisk.ac.uk June 10 th 2016

  2. Introduction Systemic Risk Cyber as systemic Conclusion Based on • “Cyber Risk as Systemic Risk” • by Jon Danielsson, Morgane Fouch´ e and Robert Macrae • out on VoxEU.org today

  3. Introduction Systemic Risk Cyber as systemic Conclusion Lots of cyber events, like • $ 81 million theft from the Bangladeshi Central Bank via SWIFT • Ecuador’s Banco el Austro got $ 12 million stolen via SWIFT • DRIDEX virus causes $ 100m in losses • JP Morgan had data on 76 million US household account details stolen in 2014 • Stuxnet worm sabotaging Irans nuclear programme • US government had 18 million personnel records stolen Cyber risk — Risk emanating from computer systems and computer networks

  4. Introduction Systemic Risk Cyber as systemic Conclusion The question is • Is cyber risk a significant channel for systemic risk? • A lot of authorities say so • Bank of Canada, BIS (2014), Bank of England, SEC, etc. • and plenty of consultants • Is it true, and then how?

  5. Introduction Systemic Risk Cyber as systemic Conclusion Where does cyber risk come from? • Technical computer system failures • Thiefs • Hacktivists, terrorists and smaller states • Largest state actors

  6. Introduction Systemic Risk Cyber as systemic Conclusion 1914 is perhaps the closest we ever got to a systemic crisis • Globalism was at its peak in 1914 • The world’s financial system was highly integrated • The assassination of Archduke Franz Ferdinand on June 28 changed all of that • The important observation is that the financial crisis did not happen because of World War I But in anticipation of it • In other words, confidence , and hence liquidity , disappeared • It is the mechanism that matters, not the trigger

  7. Introduction Systemic Risk Cyber as systemic Conclusion What is systemic risk? IMF, BIS and FSB (2009) “The disruption to the flow of financial services that is (i) caused by an impairment of all or parts of the financial system; and (ii) has the potential to have serious negative consequences for the real economy.”

  8. Introduction Systemic Risk Cyber as systemic Conclusion The conditions for systemic risk tend to be created when all outward signs point to stability and low risk.

  9. Introduction Systemic Risk Cyber as systemic Conclusion Macro and micro Macro deals with systemic risk • Micro–prudential focuses on individual banks and consumer protection • individual/idiosyncratic risk, correlations are ignored; bottom-up • risk is exogenous; partial equilibrium • Macro–prudential focuses on the financial system • systemic risk, herd behaviour and shift in risk perception; top down • risk is endogenous; general equilibrium

  10. Introduction Systemic Risk Cyber as systemic Conclusion How often do systemic crises happen? • Ask the IMF–WB systemic crises database • Every 42 years for OECD members (17 for UK) • If anything, that is an overestimate • Database includes relatively non–extreme events, like 1987 and 1998 • Best indication of the target probability for policymakers

  11. Introduction Systemic Risk Cyber as systemic Conclusion The root cause of systemic crises is risk-taking behavior of economic agents • Excessive risk–taking by financial institutions • best indicator of a future crisis is large credit growth • The hidden mechanisms matter • interlinkages, excessive risk-taking with under appreciation of risk, pro–cyclicality, liquidity • hidden trigger • Same chain of events can blow up into a crisis or wimper into nothing • Risk that is undetected or ignored by the powers that be • Creating the potential for an abrupt fall in confidence

  12. Introduction Systemic Risk Cyber as systemic Conclusion Confidence and liquidity • Behaviour motivated by confidence • We only participate in markets if we believe the financial system functions as always • Especially the plumbing • Disappearance of confidence is a strong and often early indication of crisis • We have to believe that the financial edifice is at real risk of collapse for a crisis to really turn systemic (think 1914)

  13. Introduction Systemic Risk Cyber as systemic Conclusion Cyber as cause of systemic risk • Cyber risk can not be the root cause of a systemic crisis • Systemic risk is caused by excessive risk taking • And cyber risk has nothing to say about that • No direct connection between the failure of computer systems and risk taking behaviour of economic agents • OK, we can envision a large enough cyber event • And an asteroid hitting city of London • And a nuclear attack • But timing of the event matters

  14. Introduction Systemic Risk Cyber as systemic Conclusion Timing matters • Suppose a country’s ATM system fails for a few days. Would that be systemic? • It depends • If it happened today, no • If 1 October 2008 yes • Any attacker must 1. be very lucky 2. maintain her attack vectors in place for years or decades 3. or be able to create a heightened state of financial market vulnerability

  15. Introduction Systemic Risk Cyber as systemic Conclusion A cyber event could act as a trigger • Provided the timing is just right • Any event causing fall in confidence and liquidity is not systemic unless • The levels of excessive risk-taking are at a tipping point • Else recover quickly • October 1987, LTCM in 1998 and the 2011 flash crash. • In general, triggers are irrelevant • A very large number of potential triggers exist • Unless the timing is fortuitous

  16. Introduction Systemic Risk Cyber as systemic Conclusion Systems failures and theft • Systems failures and theft can have a very large micro-prudential impact • But since the timing and victims are likely to be idiosyncratic • It is practically impossible for them to act as a trigger for a systemic crisis

  17. Introduction Systemic Risk Cyber as systemic Conclusion Hacktivists, terrorists and smaller state actors • Subvert IT systems to promote a political agenda • Possibly with multiple targets and as part of a broader strategy of disruption • Very unlikely to have systemic consequences • have to combine the attack with other forms of aggression • and would need absolutely right timing

  18. Introduction Systemic Risk Cyber as systemic Conclusion • Financial institutions have become well equipped • Multiple backup systems • Robust recovery mechanisms • State-of-the-art countermeasures and liquidity backstops • All these make a cyber attack very unlikely to trigger a systemic event

  19. Introduction Systemic Risk Cyber as systemic Conclusion Largest state actors • Can spend years developing and deploying attacks • Keeping them hidden • Until coordinated attacks on multiple IT systems • Can be assumed to be on a colossal scale • involving multiple computer systems and their backup mechanisms • Even then...

  20. Introduction Systemic Risk Cyber as systemic Conclusion Cyber as one element of economic war • Manufacture the necessary uncertainty through financial means, e.g. • making credible threats to world trade • the sequestration of foreign assets • repudiation of international liabilities. • On a a sufficiently large scale could easily lead to a repeat of the experiences of 1914 • All these attacks require is enough international connectedness to allow trust in domestic institutions to be destroyed by a foreign actor

  21. Introduction Systemic Risk Cyber as systemic Conclusion But • While financial warfare of this type would presumably be accompanied by a cyber attack • It is not clear that the cyber element would really be necessary • And even then would only play a secondary role

  22. Introduction Systemic Risk Cyber as systemic Conclusion Cyber risk is micro–prudential • Cyber events can cause very serious damage to the financial system • Significant micro–prudential risk

  23. Introduction Systemic Risk Cyber as systemic Conclusion Cyber and financial systemic risk • Many argue that cyber risk can be systemic • Cyber risk cannot be the cause of systemic risk • It can be the trigger provided timing is fortuitous • But even then, the main issue for policymakers is why timing is is fortuitous

  24. Introduction Systemic Risk Cyber as systemic Conclusion Policy conclusion • The cyber risk debate has focused solely on IT considerations • Many assertions are inconsistent with existing macro understanding • Particular economic circumstances are required to make a cyber attack systemic If cyber risk has systemic consequences, the chain of causality will be found in the macro-prudential domain

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Coupled Diffusions and Systemic Risk Systemic Risk Illustrated Jean-Pierre Fouque

Coupled Diffusions and Systemic Risk Systemic Risk Illustrated Jean-Pierre Fouque

Coupled Diffusions and Systemic Risk Systemic Risk Illustrated Jean-Pierre Fouque University of California Santa Barbara Joint work with Li-Hsien Sun Meeting on Financial Risks RiskLab Madrid, May 24th, 2012 HANDBOOK ON SYSTEMIC RISK

722 views • 39 slides
Systemic risk and financial regulations J on Dan elsson Systemic Risk Centre London

Systemic risk and financial regulations J on Dan elsson Systemic Risk Centre London

Case study Empirics of risk Nature of risk Conclusion Systemic risk and financial regulations J on Dan elsson Systemic Risk Centre London School of Economics www.SystemicRisk.ac.uk March 18, 2016 Case study Empirics of risk

1.09k views • 49 slides
Systemic Cyber Risk the problemalthough not the answers Phil Warren Deputy Chief

Systemic Cyber Risk the problemalthough not the answers Phil Warren Deputy Chief

Introduction YOU are our first line of defence Systemic Cyber Risk the problemalthough not the answers Phil Warren Deputy Chief Information Security Officer Bank of England The Future Introduction YOU are our first line of

237 views • 12 slides
On the nature of financial risk: Why risk is so hard to measure and why risk models fail so often

On the nature of financial risk: Why risk is so hard to measure and why risk models fail so often

Case study Model risk Measure risk Nature of risk Minsky Conclusion On the nature of financial risk: Why risk is so hard to measure and why risk models fail so often J on Dan elsson Systemic Risk Centre London School of Economics

1.12k views • 89 slides
Size, Interconnectedness and the Regulation of Systemic Risk Ashkan Nikeghbali and Thierry

Size, Interconnectedness and the Regulation of Systemic Risk Ashkan Nikeghbali and Thierry

Some topics Systemic risk modeling Network risk modeling Conclusion Size, Interconnectedness and the Regulation of Systemic Risk Ashkan Nikeghbali and Thierry Roncalli Institute of Mathematics, University of Zurich, Switzerland

448 views • 28 slides
Assessing the Systemic Risk of a Portfolio of Heterogeneous Banks During the Recent Financial

Assessing the Systemic Risk of a Portfolio of Heterogeneous Banks During the Recent Financial

Assessing the Systemic Risk of a Portfolio of Heterogeneous Banks During the Recent Financial Crisis Xin Huang 1 Hao Zhou 2 Haibin Zhu 3 1 University of Oklahoma 2 Federal Reserve Board 3 J.P . Morgan Chase Bank, N.A. Global Systemic Risk

974 views • 63 slides
Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management

Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management

Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management Association Date: August 18, 2016 Agenda An Overview of Cyber Risk Exposures 1. Legal & Regulatory Trends 2. Marshs Cyber Risk Management

649 views • 31 slides
Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech Information Security Center Georgia Tech

763 views • 16 slides
Measuring Systemic Risk and Assessing Systemic Importance in Global and Regional Financial Markets

Measuring Systemic Risk and Assessing Systemic Importance in Global and Regional Financial Markets

Technische Universitt Mnchen Measuring Systemic Risk and Assessing Systemic Importance in Global and Regional Financial Markets Using the Expected Systemic Shortfall (ESS) Indicator Lahmann / Kaserer (2011) 11 th Annual Bank Research

207 views • 20 slides
Financial Financial Systemic Risk Management Systemic Risk Management Koreas Experiences

Financial Financial Systemic Risk Management Systemic Risk Management Koreas Experiences

G20 Conference on Financial Systemic Risk (September 27-28, 2012, Istanbul, Turkey) Financial Financial Systemic Risk Management Systemic Risk Management Koreas Experiences Koreas Experiences Koreas Experiences Koreas

295 views • 25 slides
Is early warning against systemic risk feasible? The ECBs newly developed analytical support

Is early warning against systemic risk feasible? The ECBs newly developed analytical support

Is early warning against systemic risk feasible? The ECBs newly developed analytical support to the European Systemic Risk Board Latsis Symposium 2012 Economics on the Move Carsten Detken Head, Financial Stability Surveillance Division

1.01k views • 43 slides
Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to prepare for Cyber Risk: 3 2 1 Understand the tech & Cyber insurance Focus on company interconnected risks culture 2 Policy: Protection &

774 views • 18 slides
Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Endogenous Risk-Exposure and Systemic Instability Chong Shu University of Southern California

Endogenous Risk-Exposure and Systemic Instability Chong Shu University of Southern California

Endogenous Risk-Exposure and Systemic Instability Chong Shu University of Southern California FDIC-JFSR Annual Bank Conference September 13, 2019 Do highly connected financial networks contribute to systemic stability or systemic fragility?

1.14k views • 16 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Mechanisms of Systemic Risk Contagion, Reinforcement, Redistribution Frank Schweitzer

Mechanisms of Systemic Risk Contagion, Reinforcement, Redistribution Frank Schweitzer

Mechanisms of Systemic Risk Frank Schweitzer ZIF Workshop Bielefeld, Germany 01-11 September 2009 1 / 36 Mechanisms of Systemic Risk Contagion, Reinforcement, Redistribution Frank Schweitzer fschweitzer@ethz.ch in collaboration with:

526 views • 48 slides
The endogenous dynamics of markets: price impact, feedback loops and instabilities J.P.

The endogenous dynamics of markets: price impact, feedback loops and instabilities J.P.

The endogenous dynamics of markets: price impact, feedback loops and instabilities J.P. Bouchaud http://www.cfm.fr The Sacred Lore of Efficient Markets Why and how do market prices move? Efficient market theory: Rational Agents and

456 views • 29 slides
OR CONSUMPTION TAX? Parthasarathi Shome* (www.parthoshome.com) Chairman, International Tax

OR CONSUMPTION TAX? Parthasarathi Shome* (www.parthoshome.com) Chairman, International Tax

INCOME OR CONSUMPTION TAX? Parthasarathi Shome* (www.parthoshome.com) Chairman, International Tax Research & Analysis Foundation (ITRAF)** Bangalore, India * All opinions expressed within this presentation are those of the author and

492 views • 25 slides
Building Bridges for Understanding: Reading Success for English Language Learners Maria S. Carlo,

Building Bridges for Understanding: Reading Success for English Language Learners Maria S. Carlo,

Building Bridges for Understanding: Reading Success for English Language Learners Maria S. Carlo, University of Miami Diane August, Center for Applied Linguistics Empirical and Theoretical Background: Considerable previous work (Garca, 1991;

705 views • 39 slides
The Battle for the Historicity of the Bible German I dealism, Theological Romanticism (Liberalism/

The Battle for the Historicity of the Bible German I dealism, Theological Romanticism (Liberalism/

The Battle for the Historicity of the Bible German I dealism, Theological Romanticism (Liberalism/ Existentialism), Biblical Criticism & Postmodern Fascism Divine Revelation in History = Bible Divine Revelation/ Testimony in Creation &

362 views • 32 slides
Flipping the Classroom in Legal Skills Courses Alex Berrio Matamoros, City University of New York

Flipping the Classroom in Legal Skills Courses Alex Berrio Matamoros, City University of New York

Flipping the Classroom in Legal Skills Courses Alex Berrio Matamoros, City University of New York School of Law Rich McCue, University of Victoria Faculty of Law CALI Conference for Law School Computing June 13 th , 2013 Before we begin

543 views • 30 slides
The Young Paul Otlet The Book and Bibliography A 23-year old Otlet questions the nature of the

The Young Paul Otlet The Book and Bibliography A 23-year old Otlet questions the nature of the

From the Card to the World City : knowledge organisation and visualisation in the work and ideas of Paul Otlet W. Boyd Rayward Professor Emeritus University of Illinois & University of New South Wales International UDC Seminar24-25 October

417 views • 24 slides
Wood (2011) USGS Hazard-Risk Factsheet

Wood (2011) USGS Hazard-Risk Factsheet

Wood (2011) USGS Hazard-Risk Factsheet

330 views • 17 slides
Long-run growth Part I The proximate determinants Keep in mind our approach Total income and

Long-run growth Part I The proximate determinants Keep in mind our approach Total income and

1/18/2019 Long-run growth Part I The proximate determinants Keep in mind our approach Total income and total output are two sides of the same coin. Higher real income is thus equivalent to higher real production. Realized

724 views • 36 slides

More recommend