A multi-level approach to understanding the impact of cyber crime on the financial sector

Abstract

This paper puts forward a multi-level model, based on system dynamics methodology, to understand the impact of cyber crime on the financial sector. Consistent with recent findings, our results show that strong dynamic relationships, amongst tangible and intangible factors, affect cyber crime cost and occur at different levels of society and value network. Specifically, shifts in financial companies' strategic priorities, having the protection of customer trust and loyalty as a key objective, together with considerations related to market positioning vis-à-vis competitors are important factors in determining the cost of cyber crime. Most of these costs are not driven by the number of cyber crime incidents experienced by financial companies but rather by the way financial companies choose to go about in protecting their business interests and market positioning in the presence of cyber crime. Financial companies' strategic behaviour as response to cyber crime, especially in regard to over-spending on defence measures and chronic under-reporting, has also an important consequence at overall sector and society levels, potentially driving the cost of cyber crime even further upwards. Unwanted consequences, such as weak policing, weak international frameworks for tackling cyber attacks and increases in the jurisdictional arbitrage opportunities for cyber criminals can all increase the cost of cyber crime, while inhibiting integrated and effective measures to address the problem.