DP17403 Cyber security and ransomware in financial markets
|Author(s):||Toni Ahnert, Michael Brolley, David Cimon, Ryan Riordan|
|Publication Date:||June 2022|
|Programme Areas:||Financial Economics|
|Link to this Page:||cepr.org/active/publications/discussion_papers/dp.php?dpno=17403|
Financial markets are under constant threat of cyber attacks. We develop a principal-agent model of cyber-attacking with fee-paying clients who delegate security decisions to financial platforms. We derive testable implications about cyber attack vulnerability and fees charged. We also characterize the form of cyber attack chosen by attackers. Successful ransomware attacks are more likely than traditional attacks. When security is unobservable, platforms underinvest in security. Welfare can improve by targeting security investment through regulation (e.g. minimum security standards), or by improving transparency (e.g. security ratings). Our results support regulatory efforts to increase transparency around cyber security and cyber attacks.