Cyber risk definition and classification for financial risk management

IF 0.4 | Zone 4 (Economics) | Q4 BUSINESS, FINANCE
Filippo Curti, Jeffrey R. Gerlach, Sophia Kazinnik, Michael Lee, Atanas Mihov
Journal of Operational Risk. Published 2023-01-01. DOI: 10.21314/jop.2022.036 (https://doi.org/10.21314/jop.2022.036)
Citations: 6

Abstract

Cyber risk is undeniably one of the most critical emerging risks to the financial industry. However, even though cyber risk is recognized as a significant threat to financial institutions and, more generally, to financial stability, the quantification and analysis of cyber risk has not yet matured to the point where it can be consistently measured and managed against corporate risk appetites. This impedes efforts to effectively measure and manage such risk, diminishing institutions’ individual and collective readiness to handle system-level cyber threats. This paper aims to address this gap by providing a preliminary cyber risk definition and classification of cyber risk for risk management purposes. As such, the proposed definition and classification would ensure that adopting institutions are utilizing common language and allowing consistent data collection and sharing. We provide a deeper dive into the reasoning behind the variables we propose to collect and demonstrate how some of the existing cybersecurity events map into our proposed scheme.
Source journal: Journal of Operational Risk (BUSINESS, FINANCE)
CiteScore: 1.00
Self-citation rate: 40.00%
Articles published: 6

Journal description: In December 2017, the Basel Committee published the final version of its standardized measurement approach (SMA) methodology, which will replace the approaches set out in Basel II (ie, the simpler standardized approaches and advanced measurement approach (AMA) that allowed use of internal models) from January 1, 2022. Independently of the Basel III rules, in order to manage and mitigate risks, they still need to be measurable by anyone. The operational risk industry needs to keep that in mind. While the purpose of the now defunct AMA was to find out the level of regulatory capital to protect a firm against operational risks, we still can – and should – use models to estimate operational risk economic capital. Without these, the task of managing and mitigating capital would be incredibly difficult. These internal models are now unshackled from regulatory requirements and can be optimized for managing the daily risks to which financial institutions are exposed. In addition, operational risk models can and should be used for stress tests and Comprehensive Capital Analysis and Review (CCAR). The Journal of Operational Risk also welcomes papers on nonfinancial risks as well as topics including, but not limited to, the following. The modeling and management of operational risk. Recent advances in techniques used to model operational risk, eg, copulas, correlation, aggregate loss distributions, Bayesian methods and extreme value theory. The pricing and hedging of operational risk and/or any risk transfer techniques. Data modeling external loss data, business control factors and scenario analysis. Models used to aggregate different types of data. Causal models that link key risk indicators and macroeconomic factors to operational losses. Regulatory issues, such as Basel II or any other local regulatory issue. Enterprise risk management. Cyber risk. Big data.