Neil Gandal, Michael Riordan, Shalom Bublil, 04 June 2020

As digitalisation grows, cyber risks pose serious threats to businesses and consumers alike. However, the precautions taken to deal with these threats are often insufficient. This column examines the relationship between cyber vulnerabilities, (attempted) attacks, and precautions using firm-level data from the UK. More than 80% of the sampled firms have at least one vulnerability, and these firms were more than twice as likely to experience an incident compared to firms without vulnerabilities. Reducing vulnerabilities is key to dealing with cyberattacks and reducing cyber risks in the future.

Claudia Biancotti, Riccardo Cristadoro, 17 January 2018

Cyber attacks are becoming more frequent and increasingly costly. This column discusses some of the challenges involved in measuring the economic damage caused by these attacks, including a lack of agreement on how to assess damage, an asymmetrical distribution where a few large-scale incidents account for most costs, and externality effects. A measurement framework, estimation strategy, and reliable data will all be needed for successful policy evaluation.

Jon Danielsson, Morgane Fouché, Robert Macrae, 10 June 2016

The threat to the financial system posed by cyber risk is often claimed to be systemic. This column argues against this, pointing out that almost all cyber risk is microprudential. For a cyber attack to lead to a systemic crisis, it would need to be timed impeccably to coincide with other non-cyber events that undermine confidence in the financial system and the authorities. The only actors with enough resources to affect such an event are large sovereign states, and they could likely create the required uncertainty through simpler, financial means. 

Events

CEPR Policy Research