The Spillover Effect of the Bangladesh Bank Cyber Heist on Banks’ Cyber Risk Disclosures in Bangladesh

IF 0.4 4区经济学 Q4 BUSINESS, FINANCE

Journal of Operational Risk Pub Date : 2020-04-04 DOI:10.21314/JOP.2020.249

M. Mazumder, A. Sobhan

{"title":"The Spillover Effect of the Bangladesh Bank Cyber Heist on Banks’ Cyber Risk Disclosures in Bangladesh","authors":"M. Mazumder, A. Sobhan","doi":"10.21314/JOP.2020.249","DOIUrl":null,"url":null,"abstract":"Bangladesh Bank (BB), the central bank of Bangladesh, experienced a highly organized cyber heist in February 2016 that seriously impaired the legitimacy of the cyber security systems of the country’s overall banking sector. This study examines the spillover effect of that cyber heist on the cyber risk disclosures of the banking sector in Bangladesh. Building on institutional theory, we propose that in emerging markets, after a notable cyber heist experienced by the country’s central bank, the banking sector of the country tends to increase cyber risk disclosures as an institutional strategy to regain legitimacy. Analyzing the disclosures in the annual reports of 38 commercial banks from 2014 to 2018, we find that banks’ cyber risk disclosures significantly increased after the BB cyber heist.We also find that the political embeddedness of the banks and their adherence to Islamic Shariah negatively influence a bank’s tendency to use cyber risk disclosures as a legitimacy-regaining strategy after the heist. Our institutional perspective offers new insights into why the banks in an emerging country engage more in cyber risk disclosures after such an atrocious cyber attack.","PeriodicalId":54030,"journal":{"name":"Journal of Operational Risk","volume":"64 1","pages":""},"PeriodicalIF":0.4000,"publicationDate":"2020-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Operational Risk","FirstCategoryId":"96","ListUrlMain":"https://doi.org/10.21314/JOP.2020.249","RegionNum":4,"RegionCategory":"经济学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}

引用次数: 2

Abstract

Bangladesh Bank (BB), the central bank of Bangladesh, experienced a highly organized cyber heist in February 2016 that seriously impaired the legitimacy of the cyber security systems of the country’s overall banking sector. This study examines the spillover effect of that cyber heist on the cyber risk disclosures of the banking sector in Bangladesh. Building on institutional theory, we propose that in emerging markets, after a notable cyber heist experienced by the country’s central bank, the banking sector of the country tends to increase cyber risk disclosures as an institutional strategy to regain legitimacy. Analyzing the disclosures in the annual reports of 38 commercial banks from 2014 to 2018, we find that banks’ cyber risk disclosures significantly increased after the BB cyber heist.We also find that the political embeddedness of the banks and their adherence to Islamic Shariah negatively influence a bank’s tendency to use cyber risk disclosures as a legitimacy-regaining strategy after the heist. Our institutional perspective offers new insights into why the banks in an emerging country engage more in cyber risk disclosures after such an atrocious cyber attack.

查看原文本刊更多论文

孟加拉国银行网络抢劫对孟加拉国银行网络风险披露的溢出效应

2016年2月，孟加拉国央行孟加拉国银行(BB)经历了一次高度组织化的网络抢劫，严重损害了该国整个银行业网络安全系统的合法性。本研究考察了网络抢劫对孟加拉国银行业网络风险披露的溢出效应。在制度理论的基础上，我们提出，在新兴市场，在该国央行经历了一次显著的网络抢劫之后，该国的银行业倾向于增加网络风险披露，作为一种制度性战略，以重新获得合法性。通过对38家商业银行2014 - 2018年年报披露情况的分析，我们发现，BB网络劫案发生后，银行的网络风险披露明显增加。我们还发现，银行的政治嵌入性及其对伊斯兰教法的遵守对银行在抢劫后使用网络风险披露作为合法性恢复策略的倾向产生了负面影响。我们的制度视角为我们提供了新的见解，让我们了解为什么在发生如此残暴的网络攻击后，新兴国家的银行会更多地披露网络风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Operational Risk BUSINESS, FINANCE-

CiteScore

1.00

自引率

40.00%

发文量

期刊介绍： In December 2017, the Basel Committee published the final version of its standardized measurement approach (SMA) methodology, which will replace the approaches set out in Basel II (ie, the simpler standardized approaches and advanced measurement approach (AMA) that allowed use of internal models) from January 1, 2022. Independently of the Basel III rules, in order to manage and mitigate risks, they still need to be measurable by anyone. The operational risk industry needs to keep that in mind. While the purpose of the now defunct AMA was to find out the level of regulatory capital to protect a firm against operational risks, we still can – and should – use models to estimate operational risk economic capital. Without these, the task of managing and mitigating capital would be incredibly difficult. These internal models are now unshackled from regulatory requirements and can be optimized for managing the daily risks to which financial institutions are exposed. In addition, operational risk models can and should be used for stress tests and Comprehensive Capital Analysis and Review (CCAR). The Journal of Operational Risk also welcomes papers on nonfinancial risks as well as topics including, but not limited to, the following. The modeling and management of operational risk. Recent advances in techniques used to model operational risk, eg, copulas, correlation, aggregate loss distributions, Bayesian methods and extreme value theory. The pricing and hedging of operational risk and/or any risk transfer techniques. Data modeling external loss data, business control factors and scenario analysis. Models used to aggregate different types of data. Causal models that link key risk indicators and macroeconomic factors to operational losses. Regulatory issues, such as Basel II or any other local regulatory issue. Enterprise risk management. Cyber risk. Big data.