Featured Product

    BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk

    May 20, 2020

    BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services. The paper highlights that the use of cloud services is associated with lower costs, especially when cyber incidents are relatively small. However, as cloud connectivity increases and cloud providers become systemically important, cloud dependence is also likely to increase tail risks. The study finds that developing technological skills helps firms mitigate the costs of cyber incidents, as does more reliance on cloud services.

    Cloud technology can reduce IT costs, improve resilience, and enable firms to scale better. However, the technology strengthens interdependence across firms that have shared exposures to similar (or even the same) cloud service providers. This technology enables firms to rent computing power and storage from service providers, which gives them flexibility in their storage costs. However, all of this comes with some risks, as it involves firms inherently placing a lot of trust in vendors of cloud technology. The presence of a market failure through information asymmetry between buyer and vendor is rather well-recognized. Often users of cloud services may not know the exact location of their data or the other sources of the data collectively stored with theirs. The financial sector experiences the highest number of cyber incidents (especially of a malicious type, privacy and lost data incidents). However, banks and insurance companies incur more limited losses relative to other sectors, likely due to the effects of regulation and higher investment in cyber security. Additionally, crypto-related activities, which are largely unregulated, are associated with higher losses. 

    Nevertheless, cloud computing can be a target for cyber criminals and could pose a concern in terms of systemic risk. Providers of cloud services, undoubtedly have some of the best cyber-security experts and ultimately provide highly secure services, but tail risks could lead to substantial losses and potentially bring the economy to a halt. Moreover, the market for cloud services is highly concentrated and there are warnings about increased homogeneity and the greater risk of single points of failure. Through shared software, hardware, and vendors, incidents could, in principle, spread more quickly, leading to higher overall costs. The impact of the use of cloud services in the case of cyber attacks can thus go both ways and clearly depends on the benefit-risk analysis. Based on this, the authors have made a hypothesis. A higher dependency on cloud technologies can alter losses from cyber events. However, the net benefit depends on the connectivity of the cyber incidents and the size of the shock.

     

    Related Links

    Keywords: International, Banking, Insurance, Securities, Cloud Computing, Cyber Risk, Systemic Risk, Operational Risk, BIS

    Featured Experts
    Related Articles

    PRA Publishes Q&A on Property Valuation Requirements Under CRR

    PRA published a set of questions and answers (Q&A) covering common queries regarding residential and commercial property valuations, for the purpose of the Capital Requirements Regulation (CRR), during the period of disruption caused by COVID-19 pandemic.

    May 29, 2020 WebPage Regulatory News
    News

    IOSCO Consults on Outsourcing Principles for Operational Resilience

    IOSCO proposed updates to its principles for regulated entities that outsource tasks to service providers.

    May 28, 2020 WebPage Regulatory News
    News

    MAS Consortium to Develop AI Fairness Metrics for Credit Scoring

    MAS announced that the first phase of the Veritas initiative will commence with the development of fairness metrics in credit risk scoring and customer marketing.

    May 28, 2020 WebPage Regulatory News

    BoE Updates Definitions for BTL Data Collection

    BoE published the Statistical Notice 2020/4 to update the buy-to-let (BTL) Phase 2 and Phase 3 definitions for the Interest Rate Type data item.

    May 28, 2020 WebPage Regulatory News
    News

    FSI Examines Financial Stability Implications of Payment Deferrals

    FSI published a brief note that examines challenges facing the banking sector as a result of the payment deferral programs put in place to support borrowers affected by the COVID-19 pandemic.

    May 28, 2020 WebPage Regulatory News
    News

    PRA Finalizes Policy on Prudent Person Principle Under Solvency II

    PRA published the policy statement PS14/20, which contains the supervisory statement SS1/20 and the feedback to responses to the consultation paper CP22/19 on expectations for investment by firms in accordance with the Prudent Person Principle, or PPP, as set out in the Investments Part of the PRA Rulebook.

    May 27, 2020 WebPage Regulatory News
    News

    EBA on Extending Large Exposure Limits for French Systemic Banks

    EBA published an opinion following the notification by the French macro-prudential authority, the Haut Conseil de Stabilité Financière (HCSF), of its intention to extend a measure introduced in 2018 on the use of Article 458(9) of the Capital Requirements Regulation (CRR).

    May 27, 2020 WebPage Regulatory News
    News

    ECB Highlights NPL Resolution as Key Policy Issue in Post-COVID Europe

    As part of a Research Bulletin on the recent policy-relevant work, ECB published an article that examines the lessons learned from past crises for nonperforming loan resolution in the post COVID-19 period.

    May 27, 2020 WebPage Regulatory News
    News

    RBNZ Publishes Financial Stability Report for May 2020

    RBNZ published the financial stability report for May 2020. This review of the financial system in the country highlights that the economic disruption associated with COVID-19 will present challenges to the financial system.

    May 27, 2020 WebPage Regulatory News
    News

    ECB Updates Guidance on Reporting of Securities Holdings Statistics

    ECB updated the guidance notes for reporting related to the statistics on holdings of securities by reporting banking groups (SHSG).

    May 26, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5231