Cyber risk
Cyber insurance premiums dropped unexpectedly in 2025
Competition among carriers drives down premiums, despite increasing frequency and severity of attacks
Improving data for managing cyber risk and building resilience
The authors investigate current and proposed cyber risk reporting requirement and describe the data gaps that remain before discussing how a better and harmonized cyber incident data collection rule could improve cybersecurity.
Risk managers question US reach of Dora third-party list
Some EU subsidiaries included, but regulator control over cloud providers could still be limited
EU single portal faces battle to unify cyber incident reporting
Digital omnibus package accused of lacking ambition to truly streamline notification requirements
Treasury market urged to beef up operational resilience plans
NY Fed panel warns about impact of AI and reliance on critical third parties
How conflict sharpened Israel’s role in cyber security
Recent growth in offshoring of infosec comes despite regulatory focus on supply-chain resilience
Op risk data: For Yes Bank, no mercy over insider fraud
Also: Cracking Brazil’s Pix hacks, Macquarie fund fumble, and taxing time for Crédit Agricole. Data by ORX News
Quantum-readiness for the financial system: a road map
This paper provides a framework to support the financial system in the transition to quantum-safe cryptographic infrastructures, emphasising the need to start the transition today.
Cyber risk triggers alarm bells for credit portfolio managers
Attack on Jaguar Land Rover highlights difficulties modelling unpredictable impact of outages
First line of defence dominates third-party risk management
1LoD survey finds 86% of control functions think they have sole responsibility for vendors
Op risk data: 1MDB scandal still haunts Wall Street
Also: Woodford in hot water, Salesforce voice phishing hooks multiple firms. Data by ORX News
Dora delay leaves EU banks fighting for their audit rights
Regulation requires firms to expand scrutiny of critical vendors that haven’t yet been identified
CFTC operational resilience rules have ‘no chance’ of revival
Commissioner Johnson touts framework as response to Ion hack, but lawyers say it misses target
Op risk data: Santander takes hefty historic hit over PPI mis-selling
Also: Brazil’s cyber screw-up, Barclays’ AML mishap, and MAS metes out more AML fines. Data by ORX News
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Ninety-one per cent of banks have specialist teams for resilience risk
Latest survey shows regulatory pressure is driving broader framing of resilience, beyond IT and cyber
Glass houses: US agencies urged to shore up cyber defences
Email hack at OCC raises concerns over more widespread frailty at regulators
Op risk data: GVA and Nobitex in geopolitical risk strikes
Also: UBS chief a target of third-party data hack, internal bank frauds in Asia. Data by ORX News
Regulators urged to use Dora reporting to track systemic risk
Risk Live: Bankers and regulator say governance requirements for new rules are complex to implement
Op risk data: Rates bait and switch incurs Capital One punishment
Also: Crypto firms suffer cyber setbacks, Umpqua in Ponzi play, and QSuper premium palaver. Data by ORX News
SEC faces debate over possible cull of cyber security rules
Lobby groups pushing for regulator to roll back disclosures, but investors take a different view