Cyber Security and Ransomware in Financial Markets
52 Pages Posted: 17 Mar 2022 Last revised: 21 Jun 2022
Date Written: June 20, 2022
Financial markets are under constant threat of cyber attacks. We develop a principal-agent model of cyber-attacking with fee-paying clients who delegate security decisions to financial platforms. We derive testable implications about cyber attack vulnerability and fees charged. We also characterize the form of cyber attack chosen by attackers. Successful ransomware attacks are more likely than traditional attacks. When security is unobservable, platforms underinvest in security. Welfare can improve by targeting security investment through regulation (e.g. minimum security standards), or by improving transparency (e.g. security ratings). Our results support regulatory efforts to increase transparency around cyber security and cyber attacks.
Keywords: Cyber security, financial markets, platforms, ransomware, principal-agent
JEL Classification: G10, G28
Suggested Citation: Suggested Citation