Featured Product

    BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk

    May 20, 2020

    BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services. The paper highlights that the use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. However, as cloud connectivity increases and cloud providers become systemically important, cloud dependence is also likely to increase tail risks. The study finds that developing technological skills helps firms mitigate the costs of cyber incidents, as does more reliance on cloud services.

    Cloud technology can reduce IT costs, improve resilience, and enable firms to scale better. However, the technology strengthens interdependence across firms that have shared exposures to similar (or even the same) cloud service providers. This technology enables firms to rent computing power and storage from service providers, which gives them flexibility in their storage costs. However, all of this comes with some risks, as it involves firms inherently placing a lot of trust in vendors of cloud technology. The presence of a market failure through information asymmetry between buyer and vendor is rather well-recognized. Often users of cloud services may not know the exact location of their data or the other sources of the data collectively stored with theirs. The financial sector experiences the highest number of cyber incidents (especially of a malicious type, privacy and lost data incidents). However, banks and insurance companies incur more limited losses relative to other sectors, likely due to the effects of regulation and higher investment in cyber security. Additionally, crypto-related activities, which are largely unregulated, are associated with higher losses. 

    Nevertheless, cloud computing can be a target for cyber criminals and could pose a concern in terms of systemic risk. Providers of cloud services, undoubtedly have some of the best cyber-security experts and ultimately provide highly secure services, but tail risks could lead to substantial losses and potentially bring the economy to a halt. Moreover, the market for cloud services is highly concentrated and there are warnings about increased homogeneity and the greater risk of single points of failure. Through shared software, hardware, and vendors, incidents could, in principle, spread more quickly, leading to higher overall costs. The impact of the use of cloud services in the case of cyber attacks can thus go both ways and clearly depends on the benefit-risk analysis. Based on this, the authors have made a hypothesis. A higher dependency on cloud technologies can alter losses from cyber events. However, the net benefit depends on the connectivity of the cyber incidents and the size of the shock.

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cloud Computing, Cyber Risk, Systemic Risk, Operational Risk, BIS

    Related Articles
    News

    PRA and FPC Finalize Changes to Leverage Ratio Framework in UK

    The Prudential Regulation Authority (PRA) published the final policy statement PS21/21 on the leverage ratio framework in the UK. PS21/21, which sets out the final policy of both the Financial Policy Committee (FPC) and PRA

    October 08, 2021 WebPage Regulatory News
    News

    CFPB Proposes Rule on Small Business Lending Data Collection

    The Consumer Financial Protection Bureau (CFPB) proposed to amend Regulation B to implement changes to the Equal Credit Opportunity Act (ECOA) under Section 1071 of the Dodd-Frank Act.

    October 08, 2021 WebPage Regulatory News
    News

    PRA Decides to Maintain O-SII Buffers for Another Year

    The Prudential Regulation Authority (PRA) decided to maintain, at the 2019 levels, the buffer rates for the Other Systemically Important Institutions (O-SII) for another year, with no new rates to be set until December 2023.

    October 08, 2021 WebPage Regulatory News
    News

    FSB Report Assesses Implementation of Recommendations on Stablecoins

    The Financial Stability Board (FSB) published a progress report on implementation of its high-level recommendations for the regulation, supervision, and oversight of global stablecoin arrangements.

    October 07, 2021 WebPage Regulatory News
    News

    APRA Updates Loan Serviceability Expectations for Home Lending

    In a letter to the authorized deposit taking institutions, the Australian Prudential Regulation Authority (APRA) announced an increase in the minimum interest rate buffer it expects banks to use when assessing the serviceability of home loan applications.

    October 06, 2021 WebPage Regulatory News
    News

    CPMI and IOSCO Consult on Guidance on Stablecoin Arrangements

    The Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) are consulting on the preliminary guidance that clarifies that stablecoin arrangements should observe international standards for payment, clearing, and settlement systems.

    October 06, 2021 WebPage Regulatory News
    News

    EBA and EIOPA Set Out Work Priorities for 2022

    The European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) have set out their respective work priorities for 2022.

    October 05, 2021 WebPage Regulatory News
    News

    MFSA Issues Reporting Updates and Guidance for Banks

    The Malta Financial Services Authority (MFSA) updated the guidelines on supervisory reporting requirements under the reporting framework 3.0, in addition to the reporting module on leverage under the common reporting (COREP) framework.

    October 05, 2021 WebPage Regulatory News
    News

    EC Publishes Decision on List of Equivalent Third Countries Under CRR

    The European Commission (EC) published the Implementing Decision 2021/1753 on the equivalence of supervisory and regulatory requirements of certain third countries and territories for the purposes of the treatment of exposures, in accordance with the Capital Requirements Regulation or CRR (575/2013).

    October 04, 2021 WebPage Regulatory News
    News

    EC Rule on Contractual Recognition of Write-Down and Conversion Powers

    EC published the Implementing Regulation 2021/1751, which lays down implementing technical standards on uniform formats and templates for notification of determination of the impracticability of including contractual recognition of write-down and conversion powers.

    October 04, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7552