Cyber risk definition and classification for financial risk management

IF 0.4 4区经济学 Q4 BUSINESS, FINANCE Journal of Operational Risk Pub Date : 2023-01-01 DOI:10.21314/jop.2022.036

Filippo Curti, Jeffrey R. Gerlach, Sophia Kazinnik, Michael Lee, Atanas Mihov

引用次数: 6

Abstract

: Cyber risk is undeniably one of the most critical emerging risks to the financial industry. However, even though cyber risk is recognized as a significant threat to financial institutions and, more generally, to financial stability, the quantification and analysis of cyber risk has not yet matured to the point where it can be consistently measured and managed against corporate risk appetites. This impedes efforts to effectively measure and manage such risk, diminishing institutions’ individual and collective readiness to handle system-level cyber threats. This paper aims to address this gap by providing a preliminary cyber risk definition and classification of cyber risk for risk management purposes. As such, the proposed definition and classification would ensure that adopting institutions are utilizing common language and allowing consistent data collection and sharing. We provide a deeper dive into the reasoning behind the variables we propose to collect and demonstrate how some of the existing cybersecurity events map into our proposed scheme.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

金融风险管理中的网络风险定义与分类

网络风险无疑是金融行业面临的最关键的新兴风险之一。然而，尽管网络风险被认为是对金融机构的重大威胁，更广泛地说，是对金融稳定的重大威胁，但网络风险的量化和分析尚未成熟到可以根据企业的风险偏好对其进行持续衡量和管理的程度。这阻碍了有效衡量和管理此类风险的努力，降低了机构应对系统级网络威胁的个人和集体准备程度。本文旨在通过为风险管理目的提供初步的网络风险定义和网络风险分类来解决这一差距。因此，拟议的定义和分类将确保采用机构使用共同语言，并允许一致的数据收集和共享。我们将更深入地探讨我们建议收集的变量背后的原因，并演示一些现有的网络安全事件如何映射到我们建议的方案中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Operational Risk BUSINESS, FINANCE-

CiteScore

1.00

自引率

40.00%

发文量

期刊介绍： In December 2017, the Basel Committee published the final version of its standardized measurement approach (SMA) methodology, which will replace the approaches set out in Basel II (ie, the simpler standardized approaches and advanced measurement approach (AMA) that allowed use of internal models) from January 1, 2022. Independently of the Basel III rules, in order to manage and mitigate risks, they still need to be measurable by anyone. The operational risk industry needs to keep that in mind. While the purpose of the now defunct AMA was to find out the level of regulatory capital to protect a firm against operational risks, we still can – and should – use models to estimate operational risk economic capital. Without these, the task of managing and mitigating capital would be incredibly difficult. These internal models are now unshackled from regulatory requirements and can be optimized for managing the daily risks to which financial institutions are exposed. In addition, operational risk models can and should be used for stress tests and Comprehensive Capital Analysis and Review (CCAR). The Journal of Operational Risk also welcomes papers on nonfinancial risks as well as topics including, but not limited to, the following. The modeling and management of operational risk. Recent advances in techniques used to model operational risk, eg, copulas, correlation, aggregate loss distributions, Bayesian methods and extreme value theory. The pricing and hedging of operational risk and/or any risk transfer techniques. Data modeling external loss data, business control factors and scenario analysis. Models used to aggregate different types of data. Causal models that link key risk indicators and macroeconomic factors to operational losses. Regulatory issues, such as Basel II or any other local regulatory issue. Enterprise risk management. Cyber risk. Big data.