Neil Gandal, Michael Riordan, Shalom Bublil, 04 June 2020

As digitalisation grows, cyber risks pose serious threats to businesses and consumers alike. However, the precautions taken to deal with these threats are often insufficient. This column examines the relationship between cyber vulnerabilities, (attempted) attacks, and precautions using firm-level data from the UK. More than 80% of the sampled firms have at least one vulnerability, and these firms were more than twice as likely to experience an incident compared to firms without vulnerabilities. Reducing vulnerabilities is key to dealing with cyberattacks and reducing cyber risks in the future.

Jon Danielsson, Morgane Fouché, Robert Macrae, 10 June 2016

The threat to the financial system posed by cyber risk is often claimed to be systemic. This column argues against this, pointing out that almost all cyber risk is microprudential. For a cyber attack to lead to a systemic crisis, it would need to be timed impeccably to coincide with other non-cyber events that undermine confidence in the financial system and the authorities. The only actors with enough resources to affect such an event are large sovereign states, and they could likely create the required uncertainty through simpler, financial means. 


CEPR Policy Research