Journal of Operational Risk

Risk.net

Cyber risk definition and classification for financial risk management

Filippo Curti, Jeffrey Gerlach, Sophia Kazinnik, Michael Lee and Atanas Mihov

  • Cyber risk is a critical emerging risk to the financial industry that poses a significant threat to financial stability.
  • The lack of proper data on cyber risk losses impedes efforts to effectively measure and manage this risk.
  • The paper proposes a cyber risk definition and classification scheme for risk management purposes that financial institutions can use as a data collection template.
  • The proposed scheme ensures that adopting institutions are utilizing common language, allowing for consistent data collection and sharing, and maps existing cybersecurity events into the scheme.

Cyber risk is undeniably one of the most critical emerging risks to the financial industry. However, even though cyber risk is recognized as a significant threat to financial institutions and, more generally, to financial stability, the lack of proper data on cyber risk losses impedes efforts to effectively measure and manage this risk. This paper aims to address this gap by providing a cyber risk definition and classification scheme for risk management purposes, to be used as a data collection template for financial institutions. As such, the proposed scheme would ensure that the adopting institutions utilize common language and would allow consistent data collection and sharing.We provide a deeper dive into the reasoning behind the variables we propose to collect and demonstrate how some of the existing cyber security events map into our proposed scheme.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here