DP13324 Some Principles for Regulating Cyber Risk
| Author(s): | Anil K Kashyap, Anne Wetherilt |
| Publication Date: | November 2018 |
| Keyword(s): | cyber risk, macroprudential regulation, stress test |
| JEL(s): | G18, G28, L51, O33 |
| Programme Areas: | Financial Economics |
| Link to this Page: | cepr.org/active/publications/discussion_papers/dp.php?dpno=13324 |
We explain why cyber risk differs from other operational risks in the financial sector. The form of cyber shocks differs because of their intent, probability of success, possibility of a hidden phase and evolving form of the risks. The impact differs because problems can spread quickly and because uncertainty over the possibility of a hidden phase can impact responses. We explain why private incentives to attend to these risks may differ from societies' preferences and develop six (micro- and macroprudential) regulatory principles to deal with cyber risk.