Featured Product

    BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk

    May 20, 2020

    BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services. The paper highlights that the use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. However, as cloud connectivity increases and cloud providers become systemically important, cloud dependence is also likely to increase tail risks. The study finds that developing technological skills helps firms mitigate the costs of cyber incidents, as does more reliance on cloud services.

    Cloud technology can reduce IT costs, improve resilience, and enable firms to scale better. However, the technology strengthens interdependence across firms that have shared exposures to similar (or even the same) cloud service providers. This technology enables firms to rent computing power and storage from service providers, which gives them flexibility in their storage costs. However, all of this comes with some risks, as it involves firms inherently placing a lot of trust in vendors of cloud technology. The presence of a market failure through information asymmetry between buyer and vendor is rather well-recognized. Often users of cloud services may not know the exact location of their data or the other sources of the data collectively stored with theirs. The financial sector experiences the highest number of cyber incidents (especially of a malicious type, privacy and lost data incidents). However, banks and insurance companies incur more limited losses relative to other sectors, likely due to the effects of regulation and higher investment in cyber security. Additionally, crypto-related activities, which are largely unregulated, are associated with higher losses. 

    Nevertheless, cloud computing can be a target for cyber criminals and could pose a concern in terms of systemic risk. Providers of cloud services, undoubtedly have some of the best cyber-security experts and ultimately provide highly secure services, but tail risks could lead to substantial losses and potentially bring the economy to a halt. Moreover, the market for cloud services is highly concentrated and there are warnings about increased homogeneity and the greater risk of single points of failure. Through shared software, hardware, and vendors, incidents could, in principle, spread more quickly, leading to higher overall costs. The impact of the use of cloud services in the case of cyber attacks can thus go both ways and clearly depends on the benefit-risk analysis. Based on this, the authors have made a hypothesis. A higher dependency on cloud technologies can alter losses from cyber events. However, the net benefit depends on the connectivity of the cyber incidents and the size of the shock.

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cloud Computing, Cyber Risk, Systemic Risk, Operational Risk, BIS

    Related Articles
    News

    EBA Guide to Monitor Threshold for Intermediate Parent Undertakings

    The European Banking Authority (EBA) published the final guidelines on the monitoring of the threshold and other procedural aspects on the establishment of intermediate parent undertakings in European Union (EU), as laid down in the Capital Requirements Directive (CRD).

    July 28, 2021 WebPage Regulatory News
    News

    PRA Finalizes Approach to Supervision of International Banks

    In a recent Market Notice, the Bank of England (BoE) confirmed that green gilts will have equivalent eligibility to existing gilts in its market operations.

    July 26, 2021 WebPage Regulatory News
    News

    FCA Issues PS21/9 on Implementation of Investment Firms Regime

    The Financial Conduct Authority (FCA) published the policy statement PS21/9 on implementation of the Investment Firms Prudential Regime.

    July 26, 2021 WebPage Regulatory News
    News

    EBA Proposes Regulatory Standards to Identify Shadow Banking Entities

    The European Banking Authority (EBA) proposed regulatory technical standards that set out criteria for identifying shadow banking entities for the purpose of reporting large exposures.

    July 26, 2021 WebPage Regulatory News
    News

    IOSCO Proposes Recommendations on ESG Ratings and Data Providers

    The Board of the International Organization of Securities Commissions (IOSCO) proposed a set of recommendations on the environmental, social, and governance (ESG) ratings and data providers.

    July 26, 2021 WebPage Regulatory News
    News

    ESMA Group Issues Recommendations on RFR Switch in Interdealer Market

    The European Securities and Markets Authority (ESMA) published recommendations from the Working Group on Euro Risk-Free Rates (RFR) on the switch to risk-free rates in the interdealer market.

    July 26, 2021 WebPage Regulatory News
    News

    EC to Defer Application of SFDR Standards Till July 2022

    The European Commission (EC) announced plans to defer the application of 13 regulatory technical standards under the Sustainable Finance Disclosure Regulation (2019/2088) by six months, from January 01, 2022 to July 01, 2022.

    July 23, 2021 WebPage Regulatory News
    News

    EIOPA Consults on Reporting and Disclosures Under Solvency II

    The European Insurance and Occupational Pensions Authority (EIOPA) proposed to amend the supervisory statement on supervision of run-off undertakings that are subject to Solvency II regulation.

    July 23, 2021 WebPage Regulatory News
    News

    BoE Consults on Approach to Setting MREL, Publishes Bail-In Guidance

    The Bank of England (BoE) published a consultation paper on approach to setting minimum requirement for own funds and eligible liabilities (MREL), an operational guide on executing bail-in, and a statement from the Deputy Governor Dave Ramsden.

    July 22, 2021 WebPage Regulatory News
    News

    EBA Seeks Views on Proportionality Assessment Methodology

    The European Banking Authority (EBA) is seeking preliminary input on standardization of the proportionality assessment methodology for credit institutions and investment firms.

    July 22, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7295