Cyber risk definition and classification for financial risk management

Abstract

Cyber risk is undeniably one of the most critical emerging risks to the financial industry. However, even though cyber risk is recognized as a significant threat to financial institutions and, more generally, to financial stability, the lack of proper data on cyber risk losses impedes efforts to effectively measure and manage this risk. This paper aims to address this gap by providing a cyber risk definition and classification scheme for risk management purposes, to be used as a data collection template for financial institutions. As such, the proposed scheme would ensure that the adopting institutions utilize common language and would allow consistent data collection and sharing.We provide a deeper dive into the reasoning behind the variables we propose to collect and demonstrate how some of the existing cyber security events map into our proposed scheme.