DP17403 Cyber security and ransomware in financial markets

Author(s): Toni Ahnert, Michael Brolley, David Cimon, Ryan Riordan
Publication Date: June 2022
Programme Areas: Financial Economics
Link to this Page: cepr.org/active/publications/discussion_papers/dp.php?dpno=17403

Financial markets are under constant threat of cyber attacks. We develop a principal-agent model of cyber-attacking with fee-paying clients who delegate security decisions to financial platforms. We derive testable implications about cyber attack vulnerability and fees charged. We also characterize the form of cyber attack chosen by attackers. Successful ransomware attacks are more likely than traditional attacks. When security is unobservable, platforms underinvest in security. Welfare can improve by targeting security investment through regulation (e.g. minimum security standards), or by improving transparency (e.g. security ratings). Our results support regulatory efforts to increase transparency around cyber security and cyber attacks.