Estimation of Losses Due to Cyber Risk for Financial Institutions

20 Pages Posted: 21 May 2019

See all articles by Antoine Bouveret

Antoine Bouveret

European Securities and Markets Authority

Date Written: May 21, 2019

Abstract

Cyber risk has emerged as a key threat to financial institutions. The objective of this paper is to analyze cyber risk from an operational risk perspective and to measure cyber risk empirically. Using a novel data set on cyber attacks, we analyze the main characteristics of cyber attacks and identify patterns using correspondence analysis. We apply the loss distribution approach to the data set and show that the distribution of losses due to cyber risk has a heavy tail and is best modeled by a generalized Pareto distribution. We derive risk measures under different scenarios and show that the estimated losses are substantially larger than the size of the cyber-insurance market. Our results emphasize the need to improve the modeling of cyber risk from an operational risk perspective.

Keywords: operational risk, cyber risk, loss distribution approach (LDA), risk management

Suggested Citation

Bouveret, Antoine, Estimation of Losses Due to Cyber Risk for Financial Institutions (May 21, 2019). Journal of Operational Risk, Forthcoming. Available at SSRN: https://ssrn.com/abstract=3391740

Antoine Bouveret (Contact Author)

European Securities and Markets Authority ( email )

103 Rue de Grenelle
Paris, IDF 75007
France

HOME PAGE: http://www.esma.europa.eu

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
2
Abstract Views
304
PlumX Metrics