Financial Cyber Risk Is Not Systemic Risk
This interesting essay argues that financial risks are generally not systemic risks, and instead are generally much smaller. That’s certainly been our experience to date:
While systemic risk is frequently invoked as a key reason to be on guard for cyber risk, such a connection is quite tenuous. A cyber event might in extreme cases result in a systemic crisis, but to do so needs highly fortuitous timing.
From the point of view of policymaking, rather than simply asserting systemic consequences for cyber risks, it would be better if the cyber discussion were better integrated into the existing macroprudential dialogue. To us, the overall discussion of cyber and systemic risk seems to be too focused on IT considerations and not enough on economic consequences.
After all, if there are systemic consequences from cyber risk, the chain of causality will be found in the macroprudential domain.
Clive Robinson • June 10, 2016 3:44 PM
Hmm,
A cyber event might in extreme cases result in a systemic crisis, but to do so needs highly fortuitous timing.
Such timing is what APT can give you.
The reason “fortuitous timing” is comparatively rare is cyber-criminals tend to be very short term, almost “snatch and run” in nature. And because of that MO their activities tend to come onto the radar fairly quickly. Thus we only see “fortuitous timing” when one State is making a point to another state. Even though it was a rush job we saw that not so long ago when an ex Russian Republic had problems with their electrical grid.