Bank Disclosures of Cyber Exposure

43 Pages Posted: 6 Feb 2020

See all articles by Christina Parajon Skinner

Christina Parajon Skinner

University of Pennsylvania - The Wharton School

Date Written: November 1, 2019


Financial institutions are increasingly subject to cyber incidents and attacks. Cyber intrusions threaten these institutions’ balance-sheets and reputations, and can undermine their resilience. From a societal perspective, cyber risk is particularly concerning as it regards systemically important financial institutions, like the largest internationally active banks. This is because the stability of the financial system as a whole—and thus the real economy—depends on these banks’ resilience to stressful events, including cyber attacks. To date, the SEC has taken the lead among the financial regulators in addressing cyber risk, chiefly through an emphasis on disclosure. This Article critically examines the existing design of that mandatory disclosure regime by reviewing the content of nearly 900 SEC filings made by the seven systemically important U.S. bank holding companies over a three-year period. That review suggests that the current trajectory of SEC rules and guidance is in some ways overbroad as applied to these institutions; but in other ways, the rules and guidance remain inadequate to address the various public and private interests at stake. The Article urges the SEC to design a more nuanced set of rules for cyber disclosure, which would be better tailored for systemically important banks.

Keywords: disclosure, banks, SIFI, cyber risk, securities regulation

Suggested Citation

Skinner, Christina Parajon, Bank Disclosures of Cyber Exposure (November 1, 2019). Iowa Law Review, Vol. 105, 2019, Available at SSRN:

Christina Parajon Skinner (Contact Author)

University of Pennsylvania - The Wharton School ( email )

3641 Locust Walk
Philadelphia, PA 19104-6365
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics