EU’s first ever report on the state of cybersecurity in the Union

"The first report on the state of cybersecurity in the Union provides EU policy makers with an evidence-based overview of the state of play of the cybersecurity landscape and capabilities in the EU. The report also provides policy recommendations to address identified shortcomings and increase the level of cybersecurity across the European Union."

BOE PRA Operational resilience: Critical third parties to the UK financial sector

The UK introduced a new regulatory framework to manage risks from critical third-party providers (CTPs). CTPs must adhere to strict operational resilience requirements, including governance, risk management, and incident response. This framework aims to ensure the stability of the UK financial system by mitigating potential disruptions caused by CTP failures.

FinCEN Alert on Fraud Schemes Involving Deepfake Media Targeting Financial Institutions

FinCEN (US Treasury Financial Crimes Enforcement Network) warns financial institutions about deepfakes, emphasizing the shift of compliance risks into operational threats affecting finances, operations, and reputation. Firms must adopt tools like metadata analysis and AI to detect fraud. Reframing compliance as operational risk management enhances resilience, aligning compliance with broader strategic and risk mitigation goals.

Solvency II Mandatory Implementation and Analysts’ Forecast Properties

“As analysts are primary recipients of these reports, we investigate whether and how analyst forecast properties have changed following the provision of Solvency II information. Using a sample of EEA insurers and a difference-in-differences design, we find reductions in analysts’ earnings forecast errors at the consensus and individual levels, as well as a decrease in forecast dispersion.”

A Random Forest approach to detect and identify Unlawful Insider Trading

This study proposes a new method for detecting insider trading. The method combines principal component analysis (PCA) with random forest (RF) algorithms. The results show that this method is highly accurate, achieving 96.43% accuracy in classifying transactions as lawful or unlawful. The method also identifies important features, such as ownership and governance, that contribute to insider trading. This approach can help regulators identify and prevent insider trading more effectively.

Cyber Risk Taxonomies: Statistical Analysis of Cybersecurity Risk Classifications

Cyber risk classifications often fail in out-of-sample forecasting despite their in-sample fit. Dynamic, impact-based classifiers outperform rigid, business-driven ones in predicting losses. Cyber risk types are better suited for modeling event frequency than severity, offering crucial insights for cyber insurance and risk management strategies.

Some remarks on the effect of risk sharing and diversification for infinite mean risks

Insurance typically benefits risk-averse individuals by pooling finite-mean risks. However, with infinite-mean distributions (e.g., Pareto, Fréchet), risk sharing can backfire, creating a "nondiversification trap." This applies to highly skewed distributions like Cauchy or catastrophic risks with infinite losses. Open questions remain about these complex scenarios.

A Personal data Value at Risk Approach

The main vulnerability in data protection is ineffective risk management, often subjective and superficial. GDPR outlines what to achieve but not how, leading to inconsistent compliance. This paper advocates a quantitative approach for data protection, emphasizing analytics, quantitative risk analysis, and expert opinion calibration to enhance impact assessments.

A Novel Proactive and Dynamic Cyber Risk Assessment Methodology

This paper introduces a dynamic, proactive cyber risk assessment methodology that combines internal and external data, converting qualitative inputs into quantitative measures within a Bayesian network. Using the Exploit Prediction Scoring System, it dynamically estimates attack success probabilities and asset impact, validated through a Supervisory Control and Data Acquisition (SCADA) environment case study.