The Cyber Due Diligence Object Model (CDDOM) is a structured, extensible framework designed for SMEs to manage cybersecurity due diligence in digital supply chains. Aligned with regulations like NIS2, DORA, CRA, and GDPR, CDDOM enables continuous, automated, and traceable due diligence. It integrates descriptive schemas, role-specific messaging, and decision support to facilitate supplier onboarding, risk reassessment, and regulatory compliance. Validated in real-world scenarios, CDDOM supports automation, transparency, and interoperability, translating compliance and trust signals into machine-readable formats. It fosters resilient, decision-oriented cyber governance, addressing modern cybersecurity challenges outlined in recent research.
This study extends the Gordon–Loeb model for cybersecurity investment by incorporating a Hawkes process to model temporally clustered cyberattacks, reflecting real-world attack bursts. Formulated as a stochastic optimal control problem, it maximizes net benefits through adaptive investment policies that respond to attack arrivals. Numerical results show these dynamic strategies outperform static and Poisson-based models, which overlook clustering, especially in high-risk scenarios. The framework aids risk managers in tailoring responsive cybersecurity strategies. Future work includes empirical calibration, risk-averse loss modeling, cyber-insurance integration, and multivariate Hawkes processes for diverse attack types.
EIOPA's April 2025 Insurance Risk Dashboard indicates stable, medium-level risks in the European insurance sector, though pockets of vulnerability exist due to geopolitical uncertainty and market volatility. Macroeconomic risks are stable but with concerning GDP growth and inflation forecasts. Credit risks remained stable until early April, when spreads widened slightly. Market risks are elevated due to bond and equity volatility. Liquidity, solvency, profitability, financial interlinkages, and insurance risks are stable. Market sentiment is medium risk, and ESG risks are steady but with an intensifying outlook due to shifting environmental agreements.
This study introduces a novel capital allocation mechanism for banks, using game theory to assign capital requirements while enforcing macro-prudential standards. Based on competition for lower requirements, the approach employs insensitive risk measures from Chen et al. (2013) and Kromer et al. (2016), typically yielding a unique Nash allocation rule, while sensitive measures from Feinstein et al. (2017) may need additional conditions for uniqueness. The Eisenberg-Noe (2001) clearing system is analyzed for systemic risk, with numerical Nash allocations demonstrated. The study claims that further investigation into properties like continuity, monotonicity, or convexity is needed, noting that not all can hold simultaneously due to firm interactions.
FERMA supports the EIOPA and ECB's proposal for a European public-private reinsurance scheme to address the natural catastrophe protection gap. While backing the risk-based premium model and the potential for price stability, FERMA emphasizes the need for reliable and consistent data collection across nations. They also highlight the importance of a sufficiently large EU pool to manage premium pricing, a clear regulatory framework avoiding unnecessary burdens, and mechanisms to encourage long-term private sector engagement beyond annual renewals. FERMA advocates for continuous consultation and leveraging the scheme to incentivize risk prevention.
This paper extends prior work to model an insurance company facing a future "tipping point" where catastrophe risks increase. Using viscosity solutions of a Hamilton-Jacobi-Bellman equation, the authors solve an optimal control problem to find the best dividend strategy. They show that, under fair premium adjustments and full observability, increased catastrophe risk may benefit shareholders. Numerical examples support these findings, and future research may explore relaxing model assumptions.
The World Economic Forum (WEF) and the University of Oxford’s GCSCC released the *Cyber Resilience Compass* to help organizations strengthen cyber resilience. Based on global expert input, it outlines seven key areas: leadership, governance, people and culture, business processes, technical systems, crisis management, and ecosystem engagement. It stresses that cyber resilience requires more than technical fixes; it demands aligning strategies with business goals, continuous learning, and collaboration. Tailored approaches are essential, given differing organizational risks and structures. The Compass aims to foster knowledge-sharing and build a scalable, adaptable framework for long-term, effective cyber resilience.
The EBA has launched an ESG dashboard to monitor climate risks across the EU/EEA banking sector using Pillar 3 disclosures. It benchmarks transition and physical risks, revealing high bank exposure (>70%) to carbon-intensive sectors, suggesting significant transition risk. Physical risk exposure is lower (<30%), but data granularity varies. Around half of real estate lending has relatively high energy efficiency, though data relies on estimates. The Green Asset Ratio (GAR) is low (~3%), reflecting the early stage of EU Taxonomy alignment. This framework supports the monitoring of climate-related financial stability risks. The dashboard uses data from December 2023 and June 2024.
The ACPR and Tracfin have updated their guidelines on vigilance and reporting obligations related to the fight against money laundering and terrorist financing (BC-FT). This update incorporates legislative developments, recent decisions of the Commission des sanctions, findings on automated monitoring systems, AI, and emerging risks. It clarifies what is expected of financial institutions in detecting and analysing atypical transactions and in structuring suspicious transaction reports so as to guarantee their quality. The previous version dated from 2018.
Integrating Cyber Security (CS) with Enterprise Architecture (EA) offers a holistic approach to managing complex cyber risks. This study, through literature review, focus groups, and interviews, identified four key integration strategies: embedding CS in EA frameworks, leveraging agile secure development, enhancing knowledge exchange, and aligning CS/EA functions. Implementing these can improve Cyber Risk Management efficiency and reliability.