Reinventing Operational Risk Regulation for a World of Climate Change, Cyberattacks, and Tech Glitches

Proposes a new framework for regulating operational threats such as damage to physical assets, business disruption, and system failures. It suggests replacing rwa regulation with simple buffers of equity and outlines what a “macro-operational” approach to banking supervision might look like. It also acknowledges the limitations of macro-operational supervision and considers what new types of […]

Building Resilience in Cybersecurity — An Artificial Lab Approach

“Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide […]

The Tensions of Cyber-Resilience: From Sensemaking to Practice

“We apply Weick’s (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity […]

Modeling and Pricing Cyber Insurance — A Survey

“We distinguish three main types of cyber risks: idiosyncratic, systematic, and systemic cyber risks. While for idiosyncratic and systematic cyber risks, classical actuarial and financial mathematics appear to be well-suited, systemic cyber risks require more sophisticated approaches that capture both network and strategic interactions.” Lire

The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors

“… we do not find a distinct pattern between the frequency of events, the loss severity, and the number of affected records as often alluded to in the literature. We also analyse the severity distribution of cyber related events across all risk categories and business sectors. This analysis reveals that cyber risks are heavy-tailed, i.e., […]

Crisis Preparedness in the Digital World

“The paper will focus on the important role that financial supervisors and regulators can play in promoting effective risk management, supervision and crisis preparedness in relation to fintech developments, and the need for coordination and collaboration with policymakers, government, and the financial sector to address potential threats to financial stability. “ Lire