IRIS

Cyber incidents are becoming more sophisticated and their costs difficult to quantify. Using a unique database of cyber events across sectors in the US, we document the characteristics and drivers of cyber incidents. Cyber costs are higher for larger firms and for incidents that impact several organisations simultaneously. Events with malicious intent (i.e. cyber attacks) tend to be less costly, unless they are on the upper tail of the loss distribution. The financial sector is exposed to a larger number of cyber attacks but suffers lower costs, on average. The use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. As cloud providers become systemically important, cloud dependence is likely to increase tail risks. Finally, we document that higher expenditure on IT is associated with future reduced costs from cyber incidents.

The drivers of cyber risk

Giudici P.;Leach T.
2022-01-01

Abstract

Cyber incidents are becoming more sophisticated and their costs difficult to quantify. Using a unique database of cyber events across sectors in the US, we document the characteristics and drivers of cyber incidents. Cyber costs are higher for larger firms and for incidents that impact several organisations simultaneously. Events with malicious intent (i.e. cyber attacks) tend to be less costly, unless they are on the upper tail of the loss distribution. The financial sector is exposed to a larger number of cyber attacks but suffers lower costs, on average. The use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. As cloud providers become systemically important, cloud dependence is likely to increase tail risks. Finally, we document that higher expenditure on IT is associated with future reduced costs from cyber incidents.
2022
JOURNAL OF FINANCIAL STABILITY
WOS:000820935500005
2-s2.0-85126271367
Esperti anonimi
Inglese
Internazionale
STAMPA
60
100989
Cloud services; Cyber cost; Cyber regulation; Cyber risk; Financial institutions
4
info:eu-repo/semantics/article
262
Aldasoro, I.; Gambacorta, L.; Giudici, P.; Leach, T.
1 Contributo su Rivista::1.1 Articolo in rivista
open
1.1 Articolo in rivista
File in questo prodotto:
File Dimensione Formato  
cyberrisk.pdf

accesso aperto

Dimensione 1.12 MB
Formato Adobe PDF
Visualizza/Apri
1.12 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11571/1454681
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 101
  • ???jsp.display-item.citation.isi??? 81
social impact