BIS Bulletin Examines Key Elements of Policy Response to Cyber Risk

The BIS Bulletin emphasizes that policy must consider two near-term trends. First, remote work is likely to remain higher than in the pre-COVID-19 period. Second, financial institutions are likely to continue to move parts of their IT operations to public cloud environments. As the market for cloud services is highly concentrated, there are warnings about increased homogeneity in the financial sector and single points of failure. A recent survey indicates that 82% of companies increased cloud usage as a result of the COVID-19 pandemic and 91% are planning a more strategic use of cloud in the near future. Through shared software, hardware, and vendors, incidents could, in principle, spread more quickly, leading to higher losses for financial institutions and stress in the financial system.

Policymakers and businesses are actively working together to mitigate cyber risks and their systemic implications. For instance, many private- and public-sector organizations are strengthening their operational resilience and many have engaged in “war games” or simulations of cyber-attacks. These exercises can help to identify vulnerabilities and enhance preparedness and lines of communication. Moreover, financial supervisors and overseers are leveraging national or international standards and guidance to promote cyber resilience. In addition to the global initiatives, several regional groups and cooperation forums are also working to address this challenge.

Related Links

• Notification
• Bulletin (PDF)

Keywords: International, Banking, Insurance, Securities, COVID-19, Cyber Risk, Systemic Risk, Cloud Computing, BIS