Nos derniers articles

The EU Cyber Resilience Act (CRA) establishes cybersecurity standards for connected digital products across the EU. The act aims to enhance transparency and reduce vulnerabilities through risk-based assessments and a CE (Conformité Européenne) marking scheme. While the CRA is seen as a crucial step to address systemic digital risks and regulatory gaps, this analysis suggests it is premature and underdeveloped. The paper raises concerns about the feasibility of its implementation, particularly for small and medium-sized enterprises (SMEs), and highlights challenges with standardized norms and third-party assessment frameworks. The CRA's success, the paper concludes, will depend on its adaptability and sensitivity to economic realities, suggesting it could otherwise hinder innovation.

Le rapport « 2025 stress test of euro area banks » du 1er août 2025 détaille l'exercice de test de résistance mené par la Banque centrale européenne (BCE) pour évaluer la capacité des banques de la zone euro à résister à des chocs économiques et financiers. Cet exercice projette l'évolution de la position de capital des institutions sur trois ans, de 2025 à 2027, sous un scénario de base et un scénario défavorable hypothétique, ce dernier impliquant une aggravation des tensions géopolitiques. Le document analyse l'impact de ces scénarios sur les risques de crédit, de marché et opérationnels, ainsi que sur la rentabilité des banques, intégrant également les nouvelles règles du Règlement sur les exigences de fonds propres 3 (CRR3). Le rapport conclut que le secteur bancaire de la zone euro est globalement robuste, tout en soulignant la nécessité d'une planification prudente du capital face aux incertitudes actuelles.

𝗘𝗜𝗢𝗣𝗔 released its July 2025 𝙄𝙣𝙨𝙪𝙧𝙖𝙣𝙘𝙚 𝙍𝙞𝙨𝙠 𝘿𝙖𝙨𝙝𝙗𝙤𝙖𝙧𝙙, offering an assessment of the European insurance sector's financial health as of Q1 2025 Solvency II data and Q2 2025 market data. Overall, the report indicates a stable risk landscape at a medium level for the European insurance sector, demonstrating notable resilience. However, it also highlights a negative outlook in certain areas over the next year, influenced by complex global dynamics such as geopolitical tensions and market volatility. Specifically, market risks due to fixed income volatility and cyber and digitalization risks are identified as growing concerns, necessitating continued vigilance despite general stability.

A joint initiative by the American Bankers Association and the Financial Services Coordinating Council supports expanding cloud deployment while aiming to mitigate associated risks. Published July 29, 2025, the ABA Banking Journal outlines collaboration among federal regulators, banks and major cloud providers (AWS, Microsoft Azure, Google Cloud, IBM). It highlights key risks—such as CSP‑related operational incidents, misconfigurations under shared‑responsibility models, monitoring gaps, tool and talent deficiencies, and market concentration. The article details a voluntary 16‑section reference tool covering audit, supply‑chain risk, contractual provisions, operational resilience and more. It aims to enhance transparency, cyber‑resilience and regulatory alignment in cloud adoption.

Lack of high-quality public cyber incident data hinders empirical research and predictive modeling for cyber risk. Companies' reluctance to disclose incidents, fearing reputational damage, perpetuates this challenge. Actuarial solutions focus on enhancing existing datasets and employing advanced modeling. A new InsurTech framework is proposed to enrich cyber incident data with entity-specific attributes, addressing the gap in publicly available information. Machine learning models predict incident types and estimate frequencies, demonstrating improved robustness when incorporating InsurTech-derived features. This framework aims to generate transparent, entity-specific cyber risk profiles, supporting tailored underwriting and proactive risk mitigation for insurers and organizations.

The paper 𝙏𝙝𝙚 𝙍𝙚𝙜𝙪𝙡𝙖𝙩𝙞𝙤𝙣 𝙤𝙛 𝘿𝙖𝙩𝙖 𝙋𝙧𝙞𝙫𝙖𝙘𝙮 𝙖𝙣𝙙 𝘾𝙮𝙗𝙚𝙧𝙨𝙚𝙘𝙪𝙧𝙞𝙩𝙮 by Jasmin Gider (Tilburg University - Tilburg University School of Economics and Management), Luc Renneboog (Tilburg University - Department of Finance), and Tal Strauss (European Central Bank ECB) compares and contrasts the regulatory landscapes of data privacy and cybersecurity in the EU and the US. It outlines the fragmented nature of US regulations, often relying on state-specific laws and sectoral approaches, in contrast to the EU's more unified framework like 𝗚𝗗𝗣𝗥 and 𝗡𝗜𝗦 Directives. The text details the increasing costs and frequency of cyber incidents, emphasizing the insufficient mandatory disclosure requirements in both regions. Furthermore, it identifies gaps in current legislation and ongoing efforts, such as the 𝗘𝗨'𝘀 𝗖𝘆𝗯𝗲𝗿 𝗥𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲 𝗔𝗰𝘁 and the US.'s 𝗖𝗜𝗥𝗖𝗜𝗔, to enhance 𝗱𝗶𝗴𝗶𝘁𝗮𝗹 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲 and address underinvestment in 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆.

The AMRAE study describes 2024 as a positive year for the cyber insurance market, with rising but manageable claim numbers. There's a notable increase in cyber insurance uptake, especially among intermediate and medium-sized businesses, suggesting broader market penetration.
For the first time in five years, premium volume slightly dropped, with an average 18% reduction in annual premium rates for large companies and declining deductibles, indicating increased market flexibility.
However, the report identifies emerging concerns. Claims and payouts for large companies are increasing significantly. Also, a slight capacity increase is not commensurate with rate decreases, suggesting large companies may have reduced budgets more than they've expanded capacity. The study emphasizes the continued importance of accurate cyber risk exposure measurement given geopolitical tensions and new attack vectors.

Financial institutions are increasingly dependent on third-party service providers (TPSPs), raising concerns about systemic risks due to limited transparency. While the EU and U.K. have introduced formal oversight regimes, the U.S. relies on industry cooperation and micro-prudential supervision. A recent case study highlights financial stability risks from a payments disruption linked to a TPSP. As rapid technological change reshapes the financial sector, vulnerabilities from TPSP concentration and interconnectedness may grow. Greater understanding is needed to assess these risks and inform potential oversight responses.

This article claims that Generative AI (GenAI) is revolutionizing actuarial science, as demonstrated in four case studies. Large Language Models enhance claims cost prediction by extracting features from unstructured text, reducing errors. Retrieval-Augmented Generation automates market comparisons by processing document data. Fine-tuned, vision-enabled LLMs excel in classifying car damage and extracting contextual details. A multi-agent system autonomously analyzes datasets and generates detailed reports. GenAI also shows promise in automating claims processing, fraud detection, and document compliance verification. Challenges include regulatory compliance, ethical concerns, and technical limitations, emphasizing the need for careful integration of GenAI in insurance workflows.

This study explores how Machiavellianism, a manipulative personality trait, fuels malicious insider behavior through the Fraud Triangle’s elements: pressure, opportunity, and rationalization. Analyzing 768 U.S. employees via PLS-SEM, researchers found Machiavellianism strongly influences all three, with rationalization as the primary driver of unethical intent. The findings highlight rationalization’s role in justifying malicious acts, urging organizations to bolster ethical cultures and accountability to curb insider threats. By linking personality traits to situational factors, the study enhances cybersecurity risk modeling and advocates for behaviorally informed insider threat prevention strategies.