81 results
for "Digital resilience"
This paper argues that traditional cyber risk classifications are too restrictive for effective out-of-sample forecasting. It recommends focusing on dynamic, impact-based classifications for better predictions of cyber risk losses, suggesting that risk types are more useful for modeling event frequency than severity.
This paper introduces a novel multivariate dependence model to better represent cyber breach risks by capturing temporal and cross-group dependencies. Using a semi-parametric and copula approach, it improves predictive performance and generates more profitable insurance contracts, outperforming existing models in managing cyber risk and insurance pricing.
This study examines how organizations conceptualize and manage cyber risk, finding a gap between the normative risk-based management approach and actual practices. Organizations often use qualitative assessments masked as quantitative, creating an illusion of precision. The study proposes "qualculation" as the highest standard for aligning cyber risk measurement and management.
“We find suggestive evidence indicating that some firms manipulate the discovery date (“misreport”) of a cybersecurity incident to postpone the disclosure of the incident, as evidenced by a pronounced spike in insider sales before the reported discovery date. We also find that misreporting is more prevalent among firms with weak internal control systems, when firms face low litigation risk, and when firms have greater pressure to meet a disclosure deadline.”
Financial institutions must enhance cyber defenses and regulatory frameworks must adapt to new risks. International agencies are creating coherent cybersecurity standards, exemplified by the EU's Digital Operational Resilience Act (DORA). Effective defense also requires robust institutional governance and sector-led standards.
Optimal cybersecurity investment depends on threat severity and bank fragility. Regulators should consider operational resilience standards, red-teaming, subsidies, and negligence penalties to facilitate socially desirable cybersecurity investment.
The paper reviews the DORA Regulation, highlighting challenges in supervisory convergence, solution centralization, and oversight fragmentation. It argues that despite DORA's positive steps for digital resilience, Europe's fragmented supervision system hampers its effectiveness. The authors suggest that a more centralized, cross-sectoral supervisory approach is needed for better regulation and supervision.
The EU aims to foster digital transformation across sectors by 2030 through legislation on AI, cloud computing, and crypto-assets. However, compared to ESG, banking regulation lacks a clear framework for managing digital risks and supervisory assessment. This paper discusses digital innovation in banking, proposing a risk-based Pillar 2 prudential framework and harmonized Pillar 3 disclosures to address this gap.
Cyber risk presents significant challenges to society, yet its statistical behavior remains insufficiently understood. This paper analyzes three databases to study cyber risk dynamics. It identifies increasing frequency and severity, particularly in malicious events since 2018. Persistent heavy-tailedness across risk categories implies lower insurance demand and potentially heightened risk levels for firms.
“The financial impact of cybercrime paints a concerning picture. According to the FBI's Internet Crime Complaint Center (IC3), cybercrime complaints in 2023 reached record highs, with reported losses exceeding $10 billion (IC3, 2023). Furthermore, IBM's 2023 Cost of a Data Breach Report estimates the average global cost of a data breach to be a staggering $4.5 million (IBM, 2023). These statistics highlight the immense financial burden cybercrime places on individuals, organizations, and governments.”