Featured Product

    BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk

    May 20, 2020

    BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services. The paper highlights that the use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. However, as cloud connectivity increases and cloud providers become systemically important, cloud dependence is also likely to increase tail risks. The study finds that developing technological skills helps firms mitigate the costs of cyber incidents, as does more reliance on cloud services.

    Cloud technology can reduce IT costs, improve resilience, and enable firms to scale better. However, the technology strengthens interdependence across firms that have shared exposures to similar (or even the same) cloud service providers. This technology enables firms to rent computing power and storage from service providers, which gives them flexibility in their storage costs. However, all of this comes with some risks, as it involves firms inherently placing a lot of trust in vendors of cloud technology. The presence of a market failure through information asymmetry between buyer and vendor is rather well-recognized. Often users of cloud services may not know the exact location of their data or the other sources of the data collectively stored with theirs. The financial sector experiences the highest number of cyber incidents (especially of a malicious type, privacy and lost data incidents). However, banks and insurance companies incur more limited losses relative to other sectors, likely due to the effects of regulation and higher investment in cyber security. Additionally, crypto-related activities, which are largely unregulated, are associated with higher losses. 

    Nevertheless, cloud computing can be a target for cyber criminals and could pose a concern in terms of systemic risk. Providers of cloud services, undoubtedly have some of the best cyber-security experts and ultimately provide highly secure services, but tail risks could lead to substantial losses and potentially bring the economy to a halt. Moreover, the market for cloud services is highly concentrated and there are warnings about increased homogeneity and the greater risk of single points of failure. Through shared software, hardware, and vendors, incidents could, in principle, spread more quickly, leading to higher overall costs. The impact of the use of cloud services in the case of cyber attacks can thus go both ways and clearly depends on the benefit-risk analysis. Based on this, the authors have made a hypothesis. A higher dependency on cloud technologies can alter losses from cyber events. However, the net benefit depends on the connectivity of the cyber incidents and the size of the shock.

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cloud Computing, Cyber Risk, Systemic Risk, Operational Risk, BIS

    Featured Experts
    Related Articles
    News

    HKMA Urges Early Action for Adherence to IBOR Fallbacks Protocol

    HKMA urged authorized institutions to take early action to adhere to the IBOR Fallbacks Protocol, which ISDA is expected to publish soon.

    October 16, 2020 WebPage Regulatory News
    News

    FSB Sets Out Roadmap for Transition to Alternative Reference Rates

    FSB published a global transition roadmap for London Inter-bank Offered Rate (LIBOR).

    October 16, 2020 WebPage Regulatory News
    News

    HM Treasury Publishes Response to Proposal on BRRD2 Transposition

    HM Treasury published a document that summarizes the responses received from a consultation on the approach of UK to transposition of the revised Bank Resolution and Recovery Directive (BRRD2).

    October 15, 2020 WebPage Regulatory News
    News

    HM Treasury Publishes Response to Proposal on CRD5 Transposition

    HM Treasury published the government response to the feedback received on the consultation for updating the prudential regime of UK before the end of the Brexit transition period.

    October 15, 2020 WebPage Regulatory News
    News

    PRA Updates Supervisory Statement on Counterparty Credit Risk

    PRA published the final policy statement PS22/20, which contains the updated supervisory statement SS12/13 on counterparty credit risk.

    October 14, 2020 WebPage Regulatory News
    News

    FSB Publishes Update on Work to Address Market Fragmentation

    FSB published an update on its work to address market fragmentation. FSB is working in this area in collaboration with the other standard-setting bodies.

    October 14, 2020 WebPage Regulatory News
    News

    EBA Proposes to Revise Guidelines on Incident Reporting Under PSD2

    EBA proposed revisions to the guidelines on major incident reporting under the second Payment Service Directive (PSD2).

    October 14, 2020 WebPage Regulatory News
    News

    EBA Finalizes Standards for Prudential Treatment of Software Assets

    EBA published the final draft regulatory technical standards specifying the methodology for prudential treatment of software assets by banks.

    October 14, 2020 WebPage Regulatory News
    News

    FSB Publishes Roadmap on Cross-Border Payments, Report on Stablecoins

    FSB published a report presenting the roadmap to enhance cross-border payments by providing a high-level plan that sets ambitious but achievable goals and milestones in the five focus areas.

    October 13, 2020 WebPage Regulatory News
    News

    EIOPA Urges Insurers to Prepare for End of Brexit Transition

    In a recent communication, EIOPA urged the insurance sector to complete its preparations for the end of the Brexit transition period on December 31, 2020.

    October 13, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5959