Featured Product

    BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk

    May 20, 2020

    BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services. The paper highlights that the use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. However, as cloud connectivity increases and cloud providers become systemically important, cloud dependence is also likely to increase tail risks. The study finds that developing technological skills helps firms mitigate the costs of cyber incidents, as does more reliance on cloud services.

    Cloud technology can reduce IT costs, improve resilience, and enable firms to scale better. However, the technology strengthens interdependence across firms that have shared exposures to similar (or even the same) cloud service providers. This technology enables firms to rent computing power and storage from service providers, which gives them flexibility in their storage costs. However, all of this comes with some risks, as it involves firms inherently placing a lot of trust in vendors of cloud technology. The presence of a market failure through information asymmetry between buyer and vendor is rather well-recognized. Often users of cloud services may not know the exact location of their data or the other sources of the data collectively stored with theirs. The financial sector experiences the highest number of cyber incidents (especially of a malicious type, privacy and lost data incidents). However, banks and insurance companies incur more limited losses relative to other sectors, likely due to the effects of regulation and higher investment in cyber security. Additionally, crypto-related activities, which are largely unregulated, are associated with higher losses. 

    Nevertheless, cloud computing can be a target for cyber criminals and could pose a concern in terms of systemic risk. Providers of cloud services, undoubtedly have some of the best cyber-security experts and ultimately provide highly secure services, but tail risks could lead to substantial losses and potentially bring the economy to a halt. Moreover, the market for cloud services is highly concentrated and there are warnings about increased homogeneity and the greater risk of single points of failure. Through shared software, hardware, and vendors, incidents could, in principle, spread more quickly, leading to higher overall costs. The impact of the use of cloud services in the case of cyber attacks can thus go both ways and clearly depends on the benefit-risk analysis. Based on this, the authors have made a hypothesis. A higher dependency on cloud technologies can alter losses from cyber events. However, the net benefit depends on the connectivity of the cyber incidents and the size of the shock.

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cloud Computing, Cyber Risk, Systemic Risk, Operational Risk, BIS

    Related Articles
    News

    APRA Updates Timelines for Revision of Market Risk Standards

    The Australian Prudential Regulation Authority (APRA) released an update on the timelines for revisions to the market risk prudential standards and the implications for the broader capital framework.

    October 27, 2021 WebPage Regulatory News
    News

    BCBS and IOSCO Propose Further Policy Work on Margining Practices

    Three global standard-setters launched a joint consultation that reviews the margining practices during the COVID-19 pandemic and identifies potential areas for further policy work.

    October 26, 2021 WebPage Regulatory News
    News

    BoE Seeks Information Before Migrating Statistical Reporting to BEEDS

    The Bank of England (BoE) published the Statistical Notice 2021/09 requiring additional information from firms and software vendors to assist in the onboarding and testing phases for migrating statistical reporting to the BEEDS portal.

    October 25, 2021 WebPage Regulatory News
    News

    EBA Finalizes Standards on Alternative SA for Market Risk

    The European Banking Authority (EBA) published the final draft regulatory technical standards on gross jump-to-default amounts and on residual risk add-on under the Capital Requirements Regulation or CRR.

    October 25, 2021 WebPage Regulatory News
    News

    FCA Publishes Final Rules on Investment Firms Prudential Regime

    The Financial Conduct Authority (FCA) published the final rules on the Investment Firms Prudential Regime (IFPR) to streamline and simplify the prudential requirements for solo-regulated UK firms authorized under the Markets in Financial Instruments Directive (MiFID).

    October 25, 2021 WebPage Regulatory News
    News

    ESAs Propose New Rules for Taxonomy-Related Product Disclosures

    The European Supervisory Authorities (ESAs) have delivered to the European Commission (EC) the final report on the draft regulatory technical standards for disclosures under the Sustainable Finance Disclosure Regulation (SFDR).

    October 25, 2021 WebPage Regulatory News
    News

    EBA Advice on Review of Crisis Management/Deposit Insurance Framework

    The European Banking Authority (EBA) published an advice to the European Commission (EC) on funding in resolution and insolvency as part of the review of the crisis management and deposit insurance (CMDI) framework.

    October 25, 2021 WebPage Regulatory News
    News

    FSOC Report Issues Recommendations to Address Climate Risks

    The Financial Stability Oversight Council (FSOC) released a report in response to the U.S. President's Executive Order on climate-related financial risk.

    October 21, 2021 WebPage Regulatory News
    News

    BIS Paper Mulls Policies to Alleviate Challenges Posed by Big Techs

    The Bank for International Settlements (BIS) published a paper that examines the business models and the associated risks posed by big technology firms foraying into financial services sector.

    October 21, 2021 WebPage Regulatory News
    News

    BIS to Launch Asian Green Bond Fund Early Next Year

    The Bank for International Settlements (BIS) announced the development of an Asian Green Bond Fund, in collaboration with the development financing community, to channel global central bank reserves to green projects in Asia Pacific.

    October 21, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7609