Featured Product

    BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk

    May 20, 2020

    BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services. The paper highlights that the use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. However, as cloud connectivity increases and cloud providers become systemically important, cloud dependence is also likely to increase tail risks. The study finds that developing technological skills helps firms mitigate the costs of cyber incidents, as does more reliance on cloud services.

    Cloud technology can reduce IT costs, improve resilience, and enable firms to scale better. However, the technology strengthens interdependence across firms that have shared exposures to similar (or even the same) cloud service providers. This technology enables firms to rent computing power and storage from service providers, which gives them flexibility in their storage costs. However, all of this comes with some risks, as it involves firms inherently placing a lot of trust in vendors of cloud technology. The presence of a market failure through information asymmetry between buyer and vendor is rather well-recognized. Often users of cloud services may not know the exact location of their data or the other sources of the data collectively stored with theirs. The financial sector experiences the highest number of cyber incidents (especially of a malicious type, privacy and lost data incidents). However, banks and insurance companies incur more limited losses relative to other sectors, likely due to the effects of regulation and higher investment in cyber security. Additionally, crypto-related activities, which are largely unregulated, are associated with higher losses. 

    Nevertheless, cloud computing can be a target for cyber criminals and could pose a concern in terms of systemic risk. Providers of cloud services, undoubtedly have some of the best cyber-security experts and ultimately provide highly secure services, but tail risks could lead to substantial losses and potentially bring the economy to a halt. Moreover, the market for cloud services is highly concentrated and there are warnings about increased homogeneity and the greater risk of single points of failure. Through shared software, hardware, and vendors, incidents could, in principle, spread more quickly, leading to higher overall costs. The impact of the use of cloud services in the case of cyber attacks can thus go both ways and clearly depends on the benefit-risk analysis. Based on this, the authors have made a hypothesis. A higher dependency on cloud technologies can alter losses from cyber events. However, the net benefit depends on the connectivity of the cyber incidents and the size of the shock.

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cloud Computing, Cyber Risk, Systemic Risk, Operational Risk, BIS

    Featured Experts
    Related Articles
    News

    HKMA Announces Repayment Deferment Under Payment Holiday Scheme

    HKMA, together with the Banking Sector Small and Medium-Size Enterprise (SME) Lending Coordination Mechanism, announced a ninety-day repayment deferment for trade facilities under the Pre-approved Principal Payment Holiday Scheme.

    August 05, 2020 WebPage Regulatory News
    News

    ESRB Paper Presents Alternative Approach to EBA Stress Test Proposal

    The Advisory Scientific Committee of ESRB published a response, in the form of an Insights Paper, to the EBA proposals for reforms to the stress testing framework in EU.

    August 05, 2020 WebPage Regulatory News
    News

    MAS Announces Key Initiatives to Support Adoption of SORA

    MAS announced several initiatives to support adoption of the Singapore Overnight Rate Average (SORA), which is administered by MAS.

    August 05, 2020 WebPage Regulatory News
    News

    BoE Updates Template and Definitions for Form ER

    BoE updated the reporting template for Form ER as well as the Form ER definitions, which contain guidance on the methodology to be used in calculating annualized interest rates.

    August 05, 2020 WebPage Regulatory News
    News

    PRA to Extend Temporary High Balance Coverage Amid COVID Crisis

    PRA published the policy statement PS19/20 on the final policy for extending coverage under the Financial Services Compensation Scheme (FSCS) for Temporary High Balance.

    August 04, 2020 WebPage Regulatory News
    News

    EBA Publishes Standards on Disclosure and Reporting of MREL and TLAC

    EBA published the final draft implementing technical standards for disclosures and reporting on the minimum requirements for own funds and eligible liabilities (MREL) and the total loss-absorbing capacity (TLAC) requirements in EU.

    August 03, 2020 WebPage Regulatory News
    News

    EBA Releases Erratum for Phase 2 Package on Reporting Framework 2.10

    EBA published an erratum for the phase 2 of technical package on the reporting framework 2.10.

    August 03, 2020 WebPage Regulatory News
    News

    EC Sets Out Updated Technical Information for Solvency II Calculations

    EC published the Implementing Regulation 2020/1145, which lays down technical information for calculation of technical provisions and basic own funds.

    August 03, 2020 WebPage Regulatory News
    News

    US Agencies Issue Statement on Additional COVID-19 Loan Accommodations

    FFIEC, on behalf of its members that include US Agencies such as CFPB, FDIC, FED, NCUA, and OCC, issued a joint statement that sets out prudent risk management and consumer protection principles for financial institutions to consider while working with borrowers.

    August 03, 2020 WebPage Regulatory News
    News

    PRA Consults on Implementation of Certain Provisions of CRD5

    PRA, via the consultation paper CP12/20, proposed changes to its rules, supervisory statements, and statements of policy to implement certain elements of the Capital Requirements Directive (CRD5).

    July 31, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5622