Discussion paper

DP13324 Some Principles for Regulating Cyber Risk

We explain why cyber risk differs from other operational risks in the financial sector. The form of cyber shocks differs because of their intent, probability of success, possibility of a hidden phase and evolving form of the risks. The impact differs because problems can spread quickly and because uncertainty over the possibility of a hidden phase can impact responses. We explain why private incentives to attend to these risks may differ from societies’ preferences and develop six (micro- and macroprudential) regulatory principles to deal with cyber risk.

£6.00
Citation

Kashyap, A and A Wetherilt (eds) (2018), “DP13324 Some Principles for Regulating Cyber Risk”, CEPR Press Discussion Paper No. 13324. https://new.cepr.org/publications/dp13324