81 résultats
pour « Résilience numérique »
"Using a novel firm-level measure of cybersecurity, we find that cybersecurity risk increases the probability of bank default. The effect is larger for banks with deposit withdrawal, but less pronounced for banks with liquidity buffer. Our results are robust to using an instrumental variable approach and to using alternative measures. "
“While the main discussion of the paper is tailored to the management of systemic cyber risk in digital networks, we also draw parallels to similar risk management frameworks for other types of complex systems.”
The Three Lines of Defence model (based on defence-in-depth approaches) has become one of the primary risk management frameworks. Yet, its application in the cybersecurity space, one of the fastest-growing areas of risk for modern organisations, has been fragmented at best. In this article, we conducted a systematic literature review on the application of this model in cybersecurity.
This study explores cyber risk in businesses, suggesting cybersecurity investment and insurance as key strategies. Using a network model, it examines firms' interconnected decisions, defining a Nash equilibrium where firms optimize cybersecurity and insurance. Findings highlight their interdependence and how network structures affect choices, reinforced by numerical analyses.
Proactive cyber-risk assessment is gaining importance due to its potential benefits in preventing cyber incidents across various sectors and addressing emerging vulnerabilities in cyber-physical systems. This study presents a robust statistical framework, using mid-quantile regression, to assess cyber vulnerabilities, rank them, and measure accuracy while dealing with partial knowledge. The model is tested with simulated and real data to support informed decision-making in operational scenarios.
“Gaps in the data available for assessing cyber risk have limited the development of metrics that would help the public and private sectors prevent and recover from cyberattacks and reduce systemic risk. Cyber incident disclosure rules, introduced to close the data gaps, help but fall short in supporting the effective management of cyber risk. This article examines current and proposed reporting requirements, especially in the financial sector, where they are the most advanced.”
Amid growing cyber threats, research on cyber insurance risk has been limited by data constraints. This paper addresses this gap by utilizing overlooked public data from U.S. state Attorneys General, offering insights into the actual scope of cyber insurance risk. The data, derived from mandatory data breach reporting, provides valuable information for pricing, reserving, underwriting, and experience monitoring in the cyber insurance industry.
The increasing complexity of data protection laws, rising compliance costs, and evolving cyber threats make data security a vital business concern.
#regulators recently issued #cybersecurity #disclosure guidelines to enhance #transparency and #accountability among firms. A study analyzed cybersecurity disclosure practices among a sample of Toronto Stock Exchange firms over seven years. Findings indicate a notable increase in disclosure after 2017 guidance by #canadian Securities Administrators. However, improvements are needed, especially in #governance and #riskmitigation disclosure. This study sheds light on policy's impact on cybersecurity transparency.
#cybersecurity goes beyond networks and people, encompassing #physicalsecurity crucial for organizations. Inadequate physical security, seen in incidents like the Oklahoma City bombing, 9/11 attacks, and U.S. Capitol breach, highlight policy and control failures. Effective physical security involves planning, #riskassessment, #controls, and frameworks like #cpted, #nist, and #fema, addressing present and future #threats.