Rustam Jamilov, Hélène Rey, Ahmed Tahoun, 05 July 2021

Cyber risk poses serious threats for businesses around the world. This column develops a new text-based measure of cyber risk exposure by leveraging computational linguistics and quarterly earnings transcripts for 12,000+ firms from 85 countries over the past 20+ years. Cyber threats have tripled since 2013 and affected a lot more countries and industries. Cyber risks are priced into the stock market and are contagious. The authors conclude that cyber risk is a source of systemic risk for firms and markets.

Claudia Biancotti, Riccardo Cristadoro, 17 January 2018

Cyber attacks are becoming more frequent and increasingly costly. This column discusses some of the challenges involved in measuring the economic damage caused by these attacks, including a lack of agreement on how to assess damage, an asymmetrical distribution where a few large-scale incidents account for most costs, and externality effects. A measurement framework, estimation strategy, and reliable data will all be needed for successful policy evaluation.

Claudia Biancotti, Riccardo Cristadoro, Sabina Di Giuliomaria, Antonino Fazio, Giovanna Partipilo, 23 June 2017

Cybersecurity is becoming a vital concern for the functioning of a modern economy. This column argues that the threat of cyber attacks should be tackled economy-wide, with economic policies aimed at overcoming the externalities and information asymmetries that lead to suboptimal protection choices on the part of private agents. There is an urgent need for an improved understanding of microeconomic mechanisms in the cybersecurity market, and for reliable data upon which policy design can be based.

Jon Danielsson, Morgane Fouché, Robert Macrae, 10 June 2016

The threat to the financial system posed by cyber risk is often claimed to be systemic. This column argues against this, pointing out that almost all cyber risk is microprudential. For a cyber attack to lead to a systemic crisis, it would need to be timed impeccably to coincide with other non-cyber events that undermine confidence in the financial system and the authorities. The only actors with enough resources to affect such an event are large sovereign states, and they could likely create the required uncertainty through simpler, financial means. 


CEPR Policy Research